Lucene search
K

6 matches found

CVE
CVE
added 2021/05/25 1:41 p.m.67 views

CVE-2021-27821

The CVE-2021-27821 entry concerns the Web Interface for OpenWrt LuCI (version 19.07 and earlier). It describes a cross-site scripting (XSS) vulnerability in the LuCI web interface that can lead to arbitrary code execution. Affected product/component: OpenWrt LuCI web interface up to v19.07. Under...

6.1CVSS6.2AI score0.00586EPSS
CVE
CVE
added 2022/11/03 12:0 a.m.62 views

CVE-2022-41435

OpenWrt LuCI is affected by a stored XSS in the /system/sshkeys.js component of version git-22.140.66206-02913be. The vulnerability allows an attacker to execute arbitrary web scripts or HTML via crafted public key comments, with exploitation focusing on the LuCI Web UI. Root cause appears to be ...

5.4CVSS5.3AI score0.00473EPSS
Web
CVE
CVE
added 2023/04/10 12:0 a.m.62 views

CVE-2023-24181

CVE-2023-24181 affects LuCI on the OpenWrt 22.03 branch (git-22.361.69894-438c598) and is a reflected XSS in the component "/openvpn/pageswitch.htm". The vulnerability is described as a reflected Cross-Site Scripting issue with network access (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); exploitation re...

5.4CVSS5.3AI score0.00598EPSS
CVE
CVE
added 2020/03/23 7:45 p.m.60 views

CVE-2020-10871

OpenWrt LuCI git-20.x contains an information disclosure vulnerability: remote, unauthenticated attackers can retrieve the list of installed packages and services. The vendor disputes the severity, noting the information is publicly obtainable by unauthenticated actors via other methods, and ther...

5.3CVSS5.3AI score0.01679EPSS
CVE
CVE
added 2019/05/23 2:13 p.m.51 views

CVE-2019-12272

CVE-2019-12272 affects OpenWrt LuCI prior to 0.10. The web application endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status are affected by a command injection vulnerability. The connected documents confirm the issue but do not provide details on exploit vect...

9.8CVSS9.7AI score0.07369EPSS
CVE
CVE
added 2026/03/19 10:46 p.m.32 views

CVE-2026-32721

LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...

8.6CVSS5.8AI score0.00239EPSS