542 matches found
CVE-2021-32019
CVE-2021-32019 corresponds to a cross-site scripting (XSS) vulnerability in the OpenWrt LuCI web-interface, caused by missing input validation when processing host names on the Connection Status page. The issue allows an attacker to inject and execute HTML/script in the user’s browser, with the n...
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...
PT-2021-7935 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt versions prior to 19.07.8 Description: The issue is related to missing input validation of host names displayed in OpenWrt, which allows for XSS attacks on the Connection Status page of the luci web-interface. This can be exploited to...
Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)
DESCRIPTION Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system. REQUIREMENTS Users need to visit the LuCI “Connection status” page of the router and activate the host name...
Security Advisory 2021-08-01-2 - Stored XSS in hostname UCI variable (CVE-2021-33425)
DESCRIPTION Multiple OpenWrt LuCI templates, including the one shipped by default, integrated the content of the UCI hostname variable without stripping malicious JavaScript from it. This allowed an attacker who can control the content of the UCI hostname variable to inject an arbitrary...
Security Advisory 2021-08-01-3 - luci-app-ddns: Multiple authenticated RCEs (CVE-2021-28961)
DESCRIPTION An authenticated user in LuCI is able to inject shell code in luci-app-ddns. Multiple variables in the luci-app-ddns applications were not validated before they were executed on the system's shell, which could be exploited by adding system shell commands. REQUIREMENTS To exploit this...
OpenWrt LuCI cross-site scripting vulnerability
OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in the OpenWrt luci web-interface, which stems from insufficient cleanup of user-supplied data when processing hostnames in the OpenWrt luci web-interface. A remote attacker could inject and...
SUSE: Security Advisory (SUSE-SU-2019:3393-1)
The remote host is missing an update for the...
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary JavaScript in the OpenWRT Hostname via the Hostname Change operation...
CVE-2021-27821
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary JavaScript in the OpenWRT Hostname via the Hostname Change operation...
Cross site scripting
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...
CVE-2021-33425
CVE-2021-33425 is a stored XSS in OpenWrt LuCI web interface (hostname change) affecting LuCI 19.07 series (19.07.0–19.07.7). The root cause is improper handling of the UCI hostname content in LuCI templates, allowing arbitrary JavaScript to be injected into the hostname field and reflected in th...
CVE-2021-27821
The CVE-2021-27821 entry concerns the Web Interface for OpenWrt LuCI (version 19.07 and earlier). It describes a cross-site scripting (XSS) vulnerability in the LuCI web interface that can lead to arbitrary code execution. Affected product/component: OpenWrt LuCI web interface up to v19.07. Under...
OpenWrt LuCI cross-site scripting vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability exists in OpenWRT LuCI version 19.07 and earlier, which can be exploited by an attacker to execute arbitrary code...
PT-2021-7936 · Openwrt · Openwrt Luci
Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI version 19.07 Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in the web interface of OpenWrt LuCI. This vulnerability allows attackers to inject arbitrary JavaScript code into the OpenWrt...