SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code into the parameter for Reflected Cross-site Scripting attacks.
Fixes

Solution

Update SmartRobot to version v7.1.0 or later, or contact the vendor for patch recommendations.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00073}

epss

{'score': 0.00077}


Fri, 20 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Intumit
Intumit smartrobot
Intumit smartrobot Firmware
CPEs cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*
cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*
Vendors & Products Intumit
Intumit smartrobot
Intumit smartrobot Firmware

Mon, 16 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 05:45:00 +0000

Type Values Removed Values Added
Description SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code into the parameter for Reflected Cross-site Scripting attacks.
Title INTUMIT SmartRobot - Cross-site Scripting
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-09-16T13:06:09.757Z

Reserved: 2024-09-13T09:43:44.404Z

Link: CVE-2024-8776

Vulnrichment

Updated: 2024-09-16T13:06:03.061Z

NVD

Status: Analyzed

Published: 2024-09-16T06:15:11.023

Modified: 2024-09-20T16:38:51.910

Link: CVE-2024-8776

Redhat

No data.

OpenCVE Enrichment

No data.