A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower routerβs web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victimβs browser.
[
{
"product": "Gryphon Tower router",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 04.0004.12 (Current)"
}
]
}
]