Lucene search

K

5 matches found

CVE
CVE
added 2021/05/25 2:15 p.m.52 views

CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.

6.1CVSS6.4AI score0.00489EPSS
CVE
CVE
added 2020/03/23 8:15 p.m.44 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways...

5.3CVSS5.3AI score0.00853EPSS
CVE
CVE
added 2023/04/10 2:15 p.m.43 views

CVE-2023-24181

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.

5.4CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2022/11/03 12:15 p.m.42 views

CVE-2022-41435

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.

5.4CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2019/05/23 3:30 p.m.34 views

CVE-2019-12272

In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

9.8CVSS9.7AI score0.37652EPSS