Описание
Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
Ссылки
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.6 (включая)
Одновременно
cpe:2.3:o:elecom:wab-s1167-ps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wab-s1167-ps:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.5.10 (включая)
Одновременно
cpe:2.3:o:elecom:wab-i1750-ps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wab-i1750-ps:-:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00936
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
EPSS
Процентиль: 76%
0.00936
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79