| शीर्षक | datacom DM4100 1.3.6.1.4.1.3709 Cross Site Scripting |
|---|
| विवरण | A stored Cross-Site Scripting (XSS) vulnerability was identified in the router interface within the Interfaces section (Ethernet configuration). The application does not properly sanitize input provided in the “Name” field, allowing the injection of a malicious payload such as <img/src/onerror=prompt(8)>. Once submitted, the payload is stored and executed when the Ethernet configuration page is accessed, as demonstrated by the triggered JavaScript prompt in the administrator’s browser. This indicates a lack of proper input validation and output encoding, potentially enabling attackers to execute arbitrary scripts, leading to session hijacking or unauthorized actions within the management interface. It is recommended to implement strict server-side validation and proper output encoding to prevent script execution. |
|---|
| स्रोत | ⚠️ http://admin:admin@x.x.x.x/ |
|---|
| उपयोगकर्ता | Havook (UID 71104) |
|---|
| सबमिशन | 05/04/2026 01:34 PM (21 दिन पहले) |
|---|
| संयम | 24/04/2026 10:17 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359560 [Datacom DM4100 1.3.6.1.4.1.3709 Ethernet Configuration Page नाम क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 17 |
|---|