Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneGrampaeH1:386570
HistoryJul 25, 2018 - 5:23 a.m.

Ubiquiti Inc.: Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7

2018-07-2505:23:27
grampae
hackerone.com
50

EPSS

0.001

Percentile

48.9%

JSON

AirMax XW.v6.2.0 (and prior) containing multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user’ session information and/or account takeover of the admin user.
These vulnerabilities were found on AirMax AirMax AirOS v6.2.0 and prior versions for TI, XW and XM boards.

The fix for these vulnerabilities were included in the new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards.
For more details please visit:
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83

https://www.ui.com/download/airmax-m

Related

cvelist 1
nvd 1
prion 1
hackerone 3
cve 1
cvelist
cvelist
CVE-2020-8170
2020-05-26 15:37:27
nvd
nvd
CVE-2020-8170
2020-05-26 16:15:12
prion
prion
Cross site scripting
2020-05-26 16:15:00
hackerone
hackerone
Ubiquiti Inc.: 3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)
2018-03-30 15:29:46
Ubiquiti Inc.: Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices
2019-07-27 04:12:17
Ubiquiti Inc.: RCE in AirOS 6.2.0 Devices with CSRF bypass
2019-09-29 04:49:47
cve
cve
CVE-2020-8170
2020-05-26 16:15:12

EPSS

0.001

Percentile

48.9%

JSON
Related for H1:386570
cvelist1nvd1prion1hackerone3cve1