Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.
Impact:
The script can be stored in the database and executes every time a user visits the page. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Amongst other things, the attacker can:
1) Perform any action within the application that the user can perform.
2) View any information that the user is able to view.
3) Modify any information that the user is able to modify.
4) Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
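
The stored-XSS pattern described above and its fix, as an added example that is not Hitron firmware code or part of the original advisory: a device name is validated when it is saved and HTML-encoded when it is rendered. The function names, the name policy and the sample records are assumptions made for illustration.

```javascript
// Added example: hypothetical handling of a managed-device name.
// Names and policy below are assumptions, not taken from the device firmware.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed policy: 1-32 characters from letters, digits, space, dot, underscore, hyphen.
const DEVICE_NAME_RE = /^[A-Za-z0-9 ._-]{1,32}$/;

// Input validation at save time: reject names outside the allow-list.
function validateDeviceName(name) {
  if (typeof name !== "string") return { ok: false, reason: "not a string" };
  const trimmed = name.trim();
  if (!DEVICE_NAME_RE.test(trimmed)) {
    return { ok: false, reason: "disallowed characters or length" };
  }
  return { ok: true, value: trimmed };
}

// Vulnerable pattern: the stored name is concatenated into markup unencoded,
// so any markup in the name is parsed by every browser that loads the list.
function renderRowUnsafe(device) {
  return `<tr><td>${device.name}</td><td>${device.mac}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output, which still
// protects the page if a bad name was saved before validation existed.
function renderRowSafe(device) {
  return `<tr><td>${escapeHtml(device.name)}</td><td>${escapeHtml(device.mac)}</td></tr>`;
}

// Constructed sample records (not real devices).
const samples = [
  { name: "Living room TV", mac: "00:11:22:33:44:55" },
  { name: "<script>alert(1)</script>", mac: "00:11:22:33:44:56" },
];

for (const d of samples) {
  console.log(validateDeviceName(d.name).ok, renderRowSafe(d));
}
```

Validation alone is not sufficient because names already in the database bypass it; the output encoding is what stops stored markup from executing.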