A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.
References
Link | Resource |
---|---|
https://github.com/x-wrt/luci/commit/24d7da2416b9ab246825c33c213fe939a89b369c | Patch |
https://github.com/x-wrt/luci/releases/tag/22.10_b202303121313 | Release Notes |
https://vuldb.com/?ctiid.230663 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.230663 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulDB
Published: 2023-06-03T10:31:02.697Z
Updated: 2023-10-23T07:54:51.637Z
Reserved: 2023-06-03T10:00:14.019Z
Link: CVE-2023-3085
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-03T11:15:21.443
Modified: 2024-05-17T02:27:15.383
Link: CVE-2023-3085
JSON object: View
Redhat Information
No data.
CWE