cve/CVE-2018-10700.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.

POC

Reference

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/samuelhuntley/Moxa_AWK_1121

1.1 KiB Raw Blame History

CVE-2018-10700

Description

POC

Reference

Github

1.1 KiB

Raw Blame History