Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormUsman SaeedPACKETSTORM:150758
HistoryDec 12, 2018 - 12:00 a.m.

TP-Link Archer C1200 Cross Site Scripting

2018-12-1200:00:00
Usman Saeed
packetstormsecurity.com
68

0.001 Low

EPSS

Percentile

33.6%

JSON
`[+] Unauthenticated  
  
[+] Author: Usman Saeed (usman [at] xc0re.net)  
  
[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU  
  
[A*] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.  
  
[A*] Reason: The remote webserver does not filter special characters or illegal input.  
  
[+] Attack type: Remote  
  
[+] Patch Status: Unpatched  
  
[+] Exploitation:  
  
[!] The Cross-site scripting vector can be executed, as illustrated below  
  
http://hostname/webpages/data/_._.<img src=a onerror=alert(aReflected-XSSa)>../..%2f  
  
  
`

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2018-13134
2018-07-04 08:29:00
prion
prion
Design/Logic Flaw
2018-07-04 08:29:00
cve
cve
CVE-2018-13134
2018-07-04 08:29:00
cvelist
cvelist
CVE-2018-13134
2018-07-04 08:00:00

0.001 Low

EPSS

Percentile

33.6%

JSON
Related for PACKETSTORM:150758
nvd1prion1cve1cvelist1