Submit #797249: BDCOM P3310D BIOS 0.4.2 10.1.0F Build 86345 Cross Site Scripting

Title: BDCOM P3310D BIOS 0.4.2 10.1.0F Build 86345 Cross Site Scripting
Description: A stored Cross-Site Scripting (XSS) vulnerability was identified in the router interface, within the Remote Monitor feature (RMON Config → RMON Statistics → New). The application fails to properly sanitize user input in the “Owner” parameter, allowing the injection of a malicious payload such as <img/src/onerror=prompt(8)>. This payload is stored by the application and executed when the RMON Statistics page is accessed, as evidenced by the triggered JavaScript prompt. This behavior confirms that input is not properly validated or encoded before being rendered, potentially enabling attackers to execute arbitrary scripts in the context of an authenticated administrator, leading to session hijacking or unauthorized actions. Implementing proper input validation and output encoding is recommended to mitigate this issue.
Source: ⚠️ http://admin:admin@x.x.x.x:8082/
User: Havook (UID 71104)
Submission: 04/04/2026 11:14 PM (22 days ago)
Moderation: 24/04/2026 09:58 PM (20 days later)
Status: Accepted
VulDB entry: 359557 [BDCOM P3310D 0.4.2 10.1.0F Build 86345 New RMON Statistics Page Owner cross site scripting]
Points: 17