← Back to CVEs
CVE-2026-24348
MEDIUM6.1
Description
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
CVE Details
CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published1/27/2026
Last Modified2/5/2026
Sourcenvd
Honeypot Sightings0
Affected Products
nimbletech:ezcast_pro_dongle_iinimbletech:ezcast_pro_dongle_ii_firmware
Weaknesses (CWE)
CWE-20CWE-79
References
https://hub.ntc.swiss/ntcf-2025-145332(vulnerability@ncsc.ch)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.