| Titel | Tilgin FIBER HOME GATEWAY HG1522 HG13xxx_CSx000-01_09_01_12 Cross Site Scripting |
|---|
| Beschreibung | A cross-site scripting (XSS) vulnerability has been discovered in the product_info page of Tilgin FIBER HOME GATEWAY HG1522 which can be accessed without login. The vulnerability is in the href attribute An attacker can use this vulnerability to inject malicious Javascript code in the context of a victim's browser, which can be triggered by clicking on the link.
#Steps to Reproduce
1). Navigate to - http://IP/status/product_info/
2). Insert a generic payload after product_info
POC : http://IP/status/product_info/%3CBODY%20ONLOAD=alert('1')%3E |
|---|
| Benutzer | The_Druk (UID 70236) |
|---|
| Einreichung | 18.06.2024 23:08 (vor 2 Jahren) |
|---|
| Moderieren | 26.06.2024 18:23 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 269755 [Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12 /status/product_info/ product_info Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|