| Título | INTELBRAS RF 301K 1.1.5 Cross Site Scripting |
|---|
| Descrição | A Cross-site Scripting (XSS) vulnerability was found in the application and management of the INTELBRAS RF 301K router.
To carry out this attack, it is necessary to be authenticated in the system.
To carry out the attack, it is necessary to access the "Advanced Configuration" menu and then the "Static IP" submenu. In the "Add" function, there is an input field for entering the description to be added to the Static IP Address. The affected field is "Description". In this field, it is possible to inject a Cross-Site Scripting script.
Script: <img src="" onerror="prompt(8)">
|
|---|
| Fonte | ⚠️ http://x.x.x.x:8888/index.html |
|---|
| Utilizador | Havook (UID 71104) |
|---|
| Submissão | 15/02/2025 22h35 (há 1 Ano) |
|---|
| Moderação | 20/05/2025 14h53 (3 months later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 309647 [Intelbras RF 301K 1.1.5 Add Static IP Descrição Script de Site Cruzado] |
|---|
| Pontos | 17 |
|---|