3 matches found
CVE-2023-34354
creationtimestamp| type| source ---|---|--- 2023-10-11 20:17:55+00:00| seen| https://t.me/cibsecurity/72125...
CVE-2023-34354
The TALOS advisory (TALOS-2023-1781) confirms a stored cross-site scripting (XSS) vulnerability in Peplink Surf SOHO HW1 v6.3.5 (QEMU). The issue resides in the upload_brand.cgi handler, where an authenticated user can trigger arbitrary JavaScript execution in another user’s browser via a crafted...
CVE-2023-34354
A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...