Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mimosa B5 跨站脚本漏洞
Vulnerability Description
Mimosa B5是mimosa的网络设备Mimosa B5 回程是最容易部署且容量最高的未授权 5 GHz 回程解决方案,适用于中短程链路应用。 Mimosa B5c/B5/C5c存在跨站脚本漏洞,该漏洞允许从未经身份验证或经过身份验证的角度在设备的底层操作系统上远程执行命令。
CVSS Information
N/A
Vulnerability Type
N/A