CVE-2023-5880 - Code injection
CVE Information
Original CVE data
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser.
Geniecompany - (1)
Basic Analysis
Common vulnerability metrics
Code injection
Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs
No exploit code is reported to exist.
Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
-
No sightings of the vulnerability within threat reports.
Cybersecurity Frameworks
How the vulnerability maps against various cybersecurity frameworks
Compliance Impact
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application