Vulners
Lucene search
TP-Link Archer C1200 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | TP-Link Archer C1200 Cross-Site Scripting Vulnerability | 6 Jul 201800:00 | – | cnvd |
 | CVE-2018-13134 | 4 Jul 201808:00 | – | cve |
 | CVE-2018-13134 | 4 Jul 201808:00 | – | cvelist |
 | EUVD-2018-5083 | 7 Oct 202500:30 | – | euvd |
 | CVE-2018-13134 | 4 Jul 201808:29 | – | nvd |
 | CVE-2018-13134 | 4 Jul 201808:29 | – | osv |
 | Design/Logic Flaw | 4 Jul 201808:29 | – | prion |
`[+] Unauthenticated
[+] Author: Usman Saeed (usman [at] xc0re.net)
[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU
[A*] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.
[A*] Reason: The remote webserver does not filter special characters or illegal input.
[+] Attack type: Remote
[+] Patch Status: Unpatched
[+] Exploitation:
[!] The Cross-site scripting vector can be executed, as illustrated below
http://hostname/webpages/data/_._.<img src=a onerror=alert(aReflected-XSSa)>../..%2f
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Dec 2018 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.00364