{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T00:02:30.070","vulnerabilities":[{"cve":{"id":"CVE-2024-55040","sourceIdentifier":"cve@mitre.org","published":"2025-07-21T16:15:28.717","lastModified":"2025-08-07T18:14:53.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters."},{"lang":"es","value":"La vulnerabilidad de cross-site scripting en Sensaphone WEB600 Monitoring System v.1.6.5.H y anteriores permite a un atacante remoto ejecutar código arbitrario a través de solicitudes GET manipuladas para /@.xml, colocando payloads en los parámetros g7200, g7300, g4601 y g1F02."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sensaphone:web600_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.5.H","matchCriteriaId":"F4E36A0E-719A-4237-B8DD-DFD1E3F011F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sensaphone:web600:-:*:*:*:*:*:*:*","matchCriteriaId":"4A7CED99-CAA1-44B7-B8C5-361BB1D5CEF7"}]}]}],"references":[{"ur
l":"https://github.com/tcbutler320/Sensaphone-WEB600-XSS","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sensaphone.com/products/sensaphone-web600-monitoring-system","source":"cve@mitre.org","tags":["Product"]},{"url":"https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-55040","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}