Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenWrt LuCI 跨站脚本漏洞
Vulnerability Description
OpenWrt LuCI是一款用于OpenWrt(Linux发行版)的图形化配置界面。OpenWrt是一套针对嵌入式设备的Linux操作系统。 OpenWrt luci web-interface 存在跨站脚本漏洞,该漏洞源于 OpenWrt luci web-interface 中处理主机名时对用户提供的数据的清理不足。远程攻击者可以在易受攻击的网站上下文中在用户浏览器中注入和执行任意 HTML 和脚本代码。 公开的漏洞允许远程攻击者执行跨站脚本 (XSS) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A