exploitDog

GHSA-4484-7jwf-xv44

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

Ссылки

EPSS

Процентиль: 44%

0.00212

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-34207

CVSS3: 6.1

nvd

больше 4 лет назад

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

EPSS

Процентиль: 44%

0.00212

Низкий

CVE ID

Дефекты

CWE-79