CVE-2023-28648

CVSS 7.5 · High EPSS 3.00% · P87 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-28648

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

CVE-2023-28648

Source: NVD (National Vulnerability Database)

Vulnerability Description

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Osprey Pump Controller 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Osprey Pump Controller是Osprey公司的一款泵控制器。 Osprey Pump Controller 1.01版本存在安全漏洞，该漏洞源于输入在返回给用户之前没有经过适当的过滤。攻击者利用该漏洞在受影响的用户浏览器会话中执行任意HTML/JS代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ProPump and Controls, Inc.	Osprey Pump Controller	1.01	-

II. Public POCs for CVE-2023-28648

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-28648

请登录查看更多情报信息。

Same Patch Batch · ProPump and Controls, Inc. · 2023-03-28 · 9 CVEs total

CVE-2023-27394	9.8 CRITICAL	CVE-2023-27394
CVE-2023-27886	9.8 CRITICAL	CVE-2023-27886
CVE-2023-28398	9.8 CRITICAL	CVE-2023-28398
CVE-2023-28654	9.8 CRITICAL	CVE-2023-28654
CVE-2023-28395	8.3 HIGH	CVE-2023-28395
CVE-2023-28712	8.2 HIGH	CVE-2023-28712
CVE-2023-28375	7.5 HIGH	CVE-2023-28375
CVE-2023-28718	7.1 HIGH	CVE-2023-28718

IV. Related Vulnerabilities

Same product: Osprey Pump Controller

Same vendor: ProPump and Controls, Inc.

V. Comments for CVE-2023-28648

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-28648

I. Basic Information for CVE-2023-28648

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-28648

III. Intelligence Information for CVE-2023-28648

Same Patch Batch · ProPump and Controls, Inc. · 2023-03-28 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-28648

Leave a comment