exploitDog

CVE-2022-38814

Опубликовано: 15 сент. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.

Ссылки

https://packetstormsecurity.com/files/168065/Fiberhome-AN5506-02-B-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/168065/Fiberhome-AN5506-02-B-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:fiberhome:an5506-02-b_firmware:rp2521:*:*:*:*:*:*:*

cpe:2.3:h:fiberhome:an5506-02-b:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4fx3-r464-9c28

CVSS3: 5.4

github

больше 3 лет назад

A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.

EPSS

Процентиль: 62%

0.00429

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79