CVE-2015-4699
The affected product is Cloud4Wi Splash Portal (before version 5.9.7). A Cross-Site Scripting (XSS) vulnerability exists in the Splash Portal that allows remote attackers to inject arbitrary web script or HTML by supplying malicious input to the recoveryMessage parameter in the default URI. This ...