exploitDog

GHSA-387q-r347-qf62

Опубликовано: 01 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

A reflected cross-site scripted (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

A reflected cross-site scripted (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

Ссылки

EPSS

Процентиль: 12%

0.00039

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-57389

CVSS3: 5.4

nvd

4 месяца назад

A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0.

EPSS

Процентиль: 12%

0.00039

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79