Описание
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.5
github
около 2 лет назад
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.
EPSS
Процентиль: 21%
0.00069
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79