On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
References
Link | Resource |
---|---|
https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80 | Exploit Third Party Advisory |
https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj | Exploit Third Party Advisory |
https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-29T23:28:52
Updated: 2019-12-29T23:28:52
Reserved: 2019-12-29T00:00:00
Link: CVE-2019-20076
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-30T00:15:11.753
Modified: 2020-01-02T20:12:54.267
Link: CVE-2019-20076
JSON object: View
Redhat Information
No data.
CWE