QwikSec

Security Database

CVE

CWE

Training

CVE-2024-43687

Published: Oct 4, 2024

Modified: May 23, 2025

PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Vendor	Product	Versions
Microchip	TimeProvider 4100	affected `1.0 - < 2.4.7` affected `2.4.16 - < 2.5`

Weaknesses (CWE)

References

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-stored-xss-vulnerability-in-banner

vendor-advisory

https://www.gruppotim.it/it/footer/red-team.html

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.