Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site scripting (XSS) vulnerability on WIC1200
Vulnerability Description
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Xantech WIC1200 跨站脚本漏洞
Vulnerability Description
Xantech WIC1200是Xantech公司的一个Web智能控制器。 Xantech WIC1200 1.1版本存在跨站脚本漏洞,该漏洞源于经过身份验证的用户可以通过/setup/diags_ir_learn.asp在设备model参数存储恶意 JavaScript 负载,攻击者利用该漏洞可以检索其他用户的会话详细信息。
CVSS Information
N/A
Vulnerability Type
N/A