Cross site scripting

2006-03-0102:02:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.7%

JSON

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.

CPENameOperatorVersion
speedtoucheq546.0.53260
speedtoucheq580.0.53260
speedtoucheq585.0.53260
speedtoucheq530.0.53260
speedtoucheq536.0.53260
speedtoucheq576.0.53260
speedtoucheq516.0.53260

Name	Operator	Version
speedtouch	eq	546.0.53260
speedtouch	eq	580.0.53260
speedtouch	eq	585.0.53260
speedtouch	eq	530.0.53260
speedtouch	eq	536.0.53260
speedtouch	eq	576.0.53260
speedtouch	eq	516.0.53260

References

secunia.com/advisories/19069

securitytracker.com/id?1015688

www.osvdb.org/23527

www.securityfocus.com/archive/1/426186

www.securityfocus.com/bid/16839

www.vupen.com/english/advisories/2006/0765

exchange.xforce.ibmcloud.com/vulnerabilities/24977