CellPipe Router XSS vulnerability Device model : CellPipe 7130 RG 5Ae. M2013 HOL *Software Version:* : *1.0.0.20h.HOL* CVE: CVE-2015-4587 Date: 16/06/2015 Discovered by: DiLi Vulnerability type: Stored XSS vulnerabilities in the router's web interface Exploitation and Impact: A cross site scripting vulnerability is shared among the router's users. These can harm other users of the router. The malicious javascript can be executed in the context of an other user's browsers and allows several different attack opportunities, mostly hijacking the current session of the user. This happens because the user input is interpreted as HTML/JavaScript by the browser. For example at the "port triggering" menu at the "Custom application" field we can add javascript like : <script> alert(document.cookie)</script>