On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
References
Link | Resource |
---|---|
https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go | Exploit Third Party Advisory |
https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw | Exploit Third Party Advisory |
https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-29T23:29:24
Updated: 2019-12-29T23:29:24
Reserved: 2019-12-29T00:00:00
Link: CVE-2019-20073
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-30T00:15:11.457
Modified: 2020-01-02T19:56:55.863
Link: CVE-2019-20073
JSON object: View
Redhat Information
No data.
CWE