CellPipe 7130 Cross Site Scripting

2015.06.17
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

CellPipe Router XSS vulnerability Device model : CellPipe 7130 RG 5Ae. M2013 HOL *Software Version:* : *1.0.0.20h.HOL* CVE: CVE-2015-4587 Date: 16/06/2015 Discovered by: DiLi Vulnerability type: Stored XSS vulnerabilities in the router's web interface Exploitation and Impact: A cross site scripting vulnerability is shared among the router's users. These can harm other users of the router. The malicious javascript can be executed in the context of an other user's browsers and allows several different attack opportunities, mostly hijacking the current session of the user. This happens because the user input is interpreted as HTML/JavaScript by the browser. For example at the "port triggering" menu at the "Custom application" field we can add javascript like : <script> alert(document.cookie)</script>

References:

https://gr.linkedin.com/pub/dionisia-lerataki/88/18/891


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top