Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Hereta ETH-IMC408M 跨站脚本漏洞

Hereta ETH-IMC408M是美国Hereta公司的一款以太网交换机设备。 Hereta ETH-IMC408M 1.0.15及之前版本存在跨站脚本漏洞，该漏洞源于Network Diagnosis ping函数输入清理不当，可能导致反射型跨站脚本攻击。

N/A

N/A