7 matches found
CVE-2019-17523
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
CVE-2019-17524
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...
CVE-2019-17523
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
Cross site scripting
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
CVE-2019-17523
CVE-2019-17523 and CVE-2019-17524 concern the same device family: Technicolor TC7300 STFA.51.20. The CVE-2019-17523 entry describes an XSS vulnerability that allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. The related CVE-2019-17524 entry describ...
CVE-2019-17524
CVE-2019-17524 describes an XSS vulnerability affecting Technicolor TC7300 STFA.51.20 devices. The issue stems from the web interface where an attacker can inject arbitrary script via the "Connected Clients" field to /wlanAccess.asp; an intranet host can exploit this with a crafted hostname. Mult...
CVE-2019-17524
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...