Vulnerability CVE-2018-6193


Published: 2018-01-24

Description:
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Routers2 2.24 Cross Site Scripting
Lorenzo Di Fucci...
28.02.2018

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Routers2 project -> Routers2 

 References:
https://github.com/sshipway/routers2/issues/1
https://www.exploit-db.com/exploits/44216/

Copyright 2024, cxsecurity.com

 

Back to Top