| 제목 | BDCOM P3310D 0.4.2 10.1.0F Build 86345 Cross Site Scripting |
|---|
| 설명 | A stored Cross-Site Scripting (XSS) vulnerability was identified in the router interface at index.asp
within the User Management functionality (System Mgr → User Mgr → New). The application fails to properly sanitize input provided in the “User name” parameter, allowing an attacker to inject a malicious payload (e.g., <script>alert(1)</script>) when creating a new user. This payload is then stored and executed whenever the affected page is accessed, as demonstrated by the JavaScript alert being triggered in the administrator’s browser. This indicates improper input validation and output encoding, potentially enabling session hijacking, privilege escalation, or unauthorized actions. It is recommended to implement strict server-side validation and proper output encoding to prevent script execution.
|
|---|
| 원천 | ⚠️ http://admin:admin@x.x.x.x:8082/ |
|---|
| 사용자 | Havook (UID 71104) |
|---|
| 제출 | 2026. 04. 04. PM 10:35 (23 날 ago) |
|---|
| 모더레이션 | 2026. 04. 24. PM 09:58 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359554 [BDCOM P3310D 0.4.2 10.1.0F Build 86345 New User Page /index.asp User name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|