Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle

7.4 / 10

HIGH

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U

Description

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.

Basic Information

ID CVE-2026-24348

Source NCSC.ch

Published Jan 27, 2026 at 09:31

Affected Product

Vendor EZCast

Product EZCast Pro II

Version 1.17478.146

Affected Versions EZCast EZCast Pro II 1.17478.146

CWE Classification

CWE-20

References

hub.ntc.swiss /ntcf-2025-145332

{
    "lastseen": "",
    "description": "Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.",
    "published": "2026-01-27T09:31:19.110Z",
    "modified": "2026-01-27T09:31:19.110Z",
    "type": "cve",
    "title": "Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle",
    "source": "NCSC.ch",
    "references": "https://hub.ntc.swiss/ntcf-2025-145332",
    "id": "CVE-2026-24348",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "EZCast EZCast Pro II 1.17478.146",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EZCast Pro II",
    "version": "1.17478.146",
    "vendor": "EZCast",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle_CVE-2026-24348