Описание
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
Уязвимые конфигурации
Конфигурация 1Версия до 3.5 (включая)
Одновременно
cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:epmp_1000:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.5 (включая)
Одновременно
cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:epmp_2000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
EPSS
Процентиль: 53%
0.00296
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79