CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

CVE-2024-31975

EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button...

PT-2024-24326 · Engenius · Engenius Esr580

Name of the Vulnerable Software and Affected Versions: EnGenius ESR580 A8J-EMR5000 devices affected versions not specified Description: The issue allows a remote attacker to conduct stored XSS attacks, potentially leading to arbitrary JavaScript code execution under the context of the user's...

EnGenius ESR580 安全漏洞

The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 that originates from allowing remote attackers to conduct a stored cross-site scripting attack via the Wi-Fi SSID input field, which can lead to arbitrary JavaScript cod...

CVE-2024-31975

EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button...

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

CVE-2024-31975

CVE-2024-31975 affects EnGenius EWS356-Fit (and ESR580) up to version 1.1.30, where a stored XSS is possible via Wi-Fi SSID parameters. The attack relies on the user interacting with the SSID EDIT button to trigger JavaScript execution. Root cause: UI/input handling in SSID parameter parsing allo...

CVE-2024-31975

EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button...

EnGenius ESR580 安全漏洞

The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 version 1.1.30 and earlier, which stems from a stored cross-site scripting attack that allows remote attackers to conduct a stored cross-site scripting attack via the...