Cross site scripting

2017-11-1602:29:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.

CPENameOperatorVersion
arris_tg1682g_firmwareeq10.0.59-sip-pc20-ct

CPE	Name	Operator	Version
	arris_tg1682g_firmware	eq	10.0.59-sip-pc20-ct

References

packetstormsecurity.com/files/134288/Arris-TG1682G-Modem-Cross-Site-Scripting.html

www.exploit-db.com/exploits/38657/