Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-36266
HistoryAug 08, 2022 - 2:35 p.m.

CVE-2022-36266

2022-08-0814:35:29
mitre
www.cve.org
5
airspan airspot
stored xss
vulnerability
authentication
base32 encoded
injection
malicious scripts

EPSS

0.001

Percentile

34.8%

JSON

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.

Related

prion 1
nvd 1
packetstorm 1
cve 1
zdt 1
prion
prion
Cross site scripting
2022-08-08 15:15:00
nvd
nvd
CVE-2022-36266
2022-08-08 15:15:08
packetstorm
packetstorm
FLIX AX8 1.46.16 Remote Command Execution
2022-08-19 00:00:00
cve
cve
CVE-2022-36266
2022-08-08 15:15:08
zdt
zdt
FLIR AX8 1.46.16 Remote Command Execution Exploit
2022-08-22 00:00:00

EPSS

0.001

Percentile

34.8%

JSON
Related for CVELIST:CVE-2022-36266
prion1nvd1packetstorm1cve1zdt1