Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Airspan AirSpot 5410 跨站脚本漏洞
Vulnerability Description
Airspan AirSpot 5410是美国Airspan公司的一款先进的 LTE、CAT12、户外、多服务产品。 Airspan AirSpot 5410 0.3.4.1-4及以前版本存在安全漏洞,该漏洞源于其二进制组件/home/www/cgi-bin/login.cgi未检查用户是否通过身份验证导致恶意攻击者可以利用经过base32编码的跨站脚本有效载荷生成请求导致恶意脚本注入用户设置界面。
CVSS Information
N/A
Vulnerability Type
N/A