2 matches found
Ubiquiti UniFi Controller DHCP Hostname脚本注入漏洞
CVE ID:CVE-2013-3572 Ubiquiti Networks UniFi是一款企业级无线网络系统。 Ubiquiti Networks UniFi中的UniFi Controller管理接口存在跨站脚本漏洞,允许远程攻击者利用漏洞通过特制的客户端主机名,注入恶意脚本或HTML代码,当恶意数据被查看时可获取敏感信息或者劫持用户会话。 0 Ubiquiti UniFi Controller 2.x 厂商补丁: Ubiquiti Networks ----- 用户可参考如下厂商提供的安全公告获得补丁信息:...
CVE-2013-3572
UniFi Controller (Ubiquiti) 2.x before 2.3.5 is affected by an XSS in the administer interface. A crafted client hostname can cause remote attackers to inject arbitrary script/HTML, potentially exposing sensitive data or session hijacking when the payload is rendered. Root cause: insufficient inp...