| Title | Clavister Clavister E80 - EagleSeries . Cross-Site Scripting |
|---|
| Description | Reflected XSS chained with CSRF poses a threat to Clavister E80 Firewall-protected web applications. In this scenario, attackers inject malicious scripts into the application, which execute in users' browsers, potentially leading to unauthorized actions like data theft or manipulation. While the firewall provides network security, it may not safeguard against these specific web application vulnerabilities. Mitigation strategies include secure coding practices, such as input validation and output encoding, as well as implementing anti-CSRF tokens and conducting regular security assessments. |
|---|
| Source | ⚠️ https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md |
|---|
| User | Strik3r (UID 61057) |
|---|
| Submission | 03/23/2024 17:03 (2 years ago) |
|---|
| Moderation | 04/01/2024 19:49 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 258916 [Clavister E10/E80 up to 14.00.10 Misc Settings Page MiscSettings cross site scripting] |
|---|
| Points | 20 |
|---|