Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbSilent DreamEDB-ID:36429
HistoryDec 08, 2011 - 12:00 a.m.

HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting

2011-12-0800:00:00
Silent Dream
www.exploit-db.com
18

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

59.4%

JSON
source: https://www.securityfocus.com/bid/50978/info

HS2 web interface is prone to multiple security vulnerabilities:

1. An HTML-injection vulnerability.
2. A cross-site request-forgery vulnerability.
3. A directory-traversal vulnerability.

Attackers can exploit these issues to perform certain actions in the context of an authorized user's session, run arbitrary HTML and script code, and transfer files outside of the web directory. Other attacks may also be possible.

HomeSeer HS2 2.5.0.20 is vulnerable; prior versions may also be affected. 

http://www.example.com/example<script>alert(document.cookie)</script>

Related

prion 1
cve 1
nvd 1
cvelist 1
openvas 2
prion
prion
Cross site scripting
2011-12-15 03:57:00
cve
cve
CVE-2011-4836
2011-12-15 03:57:35
nvd
nvd
CVE-2011-4836
2011-12-15 03:57:35
cvelist
cvelist
CVE-2011-4836
2011-12-15 02:00:00
openvas
openvas
HomeSeer HS2 Web Interface <= 2.5.0.20 Multiple XSS Vulnerabilities - Active Check
2011-12-20 00:00:00
HomeSeer HS2 Web Interface Multiple Vulnerabilities
2011-12-20 00:00:00

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

59.4%

JSON
Related for EDB-ID:36429
prion1cve1nvd1cvelist1openvas2