What is CVE-2021-23860?

CVE-2021-23860 is a medium-severity vulnerability in Bosch Bvms, classified under Cross-site Scripting. CVSS score: 5.0/10. Published 2021-12-08.

How severe is CVE-2021-23860?

Medium severity. CVSS v3 base score is 5.0 out of 10.

XSS in Bosch Bvms

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects insta…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (48.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Bosch Bvms — versions unspecified, 11.0, 10.0
Bosch Divar Ip 7000 R2 — versions all
Bosch Divar Ip All-in-one 5000 — versions all
Bosch Divar Ip All-in-one 7000 — versions all
Bosch Vrm — versions unspecified, 4.0, 3.83

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-23860?: CVE-2021-23860 is a medium-severity vulnerability in Bosch Bvms, classified under Cross-site Scripting. CVSS score: 5.0/10. Published 2021-12-08.
How severe is CVE-2021-23860?: Medium severity. CVSS v3 base score is 5.0 out of 10.