Lucene search

CVE-2019-7438

🗓️ 21 Mar 2019 16:13:01Reported by mitreType

cve🔗 web.nvd.nist.gov👁 49 Views🌐 WEB

JioFi 4G M2S 1.0.2 XSS and HTML injection vulnerabilit

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2019-7438	20 Mar 201920:03	–	cvelist
Packet Storm	JioFi 4G M2S 1.0.2 Cross Site Scripting	25 Apr 201900:00	–	packetstorm
exploitpack	JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting	25 Apr 201900:00	–	exploitpack
Prion	Design/Logic Flaw	21 Mar 201916:01	–	prion
Exploit DB	JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting	25 Apr 201900:00	–	exploitdb
0day.today	JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Vulnerability	25 Apr 201900:00	–	zdt
NVD	CVE-2019-7438	21 Mar 201916:01	–	nvd

Nvd

Node

jio jiofi_4g_m2s_firmwareMatch1.0.2

AND

jio jiofi_4g_m2sMatch-

Source	Link
gkaim	www.gkaim.com/cve-2019-7438-html-vikas-chaudhary/
packetstormsecurity	www.packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html
gkaim	www.gkaim.com/cve-2019-7438-xss-vikas-chaudhary/
exploit-db	www.exploit-db.com/exploits/46751/

Parameter	Position	Path	Description	CWE
mask	request body	/cgi-bin/qcmap_web_cgi	The mask parameter allows for HTML injection resulting in a fake login page being displayed, which is a form of XSS vulnerability.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Mar 2019 16:01Current

6.2Medium risk

Vulners AI Score6.2

CVSS24.3

CVSS36.1

EPSS0.00261

CWE-79