Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDionisia LeratakiPACKETSTORM:132327
HistoryJun 16, 2015 - 12:00 a.m.

CellPipe 7130 Cross Site Scripting

2015-06-1600:00:00
Dionisia Lerataki
packetstormsecurity.com
23

EPSS

0.002

Percentile

52.0%

JSON
` CellPipe Router XSS vulnerability  
  
Device model : CellPipe 7130 RG 5Ae. M2013 HOL  
*Software Version:* : *1.0.0.20h.HOL*  
CVE: CVE-2015-4587  
Date: 16/06/2015  
Discovered by: Dionisia Lerataki  
(https://gr.linkedin.com/pub/dionisia-lerataki/88/18/891)  
  
  
Vulnerability type: Stored XSS vulnerabilities in the router's web interface  
  
Exploitation and Impact:  
  
A cross site scripting vulnerability is shared among the router's  
users. These can harm other users of the router. The malicious  
javascript can be executed in the context  
of an other user's browsers and allows several different attack  
opportunities, mostly hijacking the  
current session of the user. This happens because the user input is  
interpreted as HTML/JavaScript by the browser.  
  
For example at the "port triggering" menu at the "Custom application" field  
we can add javascript like :  
<script> alert(document.cookie)</script>  
`

Related

prion 1
cvelist 1
cve 1
nvd 1
prion
prion
Cross site scripting
2015-06-18 18:59:00
cvelist
cvelist
CVE-2015-4587
2015-06-18 18:00:00
cve
cve
CVE-2015-4587
2015-06-18 18:59:05
nvd
nvd
CVE-2015-4587
2015-06-18 18:59:05

EPSS

0.002

Percentile

52.0%

JSON
Related for PACKETSTORM:132327
prion1cvelist1cve1nvd1