Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2016/Feb/8 | Mailing List Third Party Advisory |
http://www.securityfocus.com/archive/1/537441/100/0/threaded | |
https://www.exploit-db.com/exploits/39407/ | Exploit Third Party Advisory VDB Entry |
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-20T15:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2014-02-19T00:00:00
Link: CVE-2014-2045
JSON object: View
NVD Information
Status : Modified
Published: 2017-01-20T15:59:00.147
Modified: 2018-10-09T19:43:08.283
Link: CVE-2014-2045
JSON object: View
Redhat Information
No data.
CWE