CVE-2012-5322
published 2012-10-08CVE-2012-5322: Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.66%
73.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting
exploitdb·2012-02-21
CVE-2012-5322 Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52098/info
Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.
The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.
http://www.example.com/webconfig/wan/confirm.html/confirm?context=pageAction%3Dadd%26pvcName%3D%2522%253e%253c%252ftd%253e%253cscript%253ealert%28document.cookie%29%253c%252fscript%253e%26vpi%3D0%26vci%3D38%26scat%3DUBR%26accessmode%3Dpppo
Exploit-DB
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting
exploitdb·2012-02-21
CVE-2012-5322 Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52098/info
Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.
The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.
http://www.example.com/webconfig/lan/lan_config.html/local_lan_config?ip_add_txtbox=www.example2.com&sub_mask_txtbox=255.255.255.0&host_name_txtbox=Hackalert(document.cookie)&domain_name_txtbox=local.lan&mtu_txtbox=150
No writeups or analysis indexed.
http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.htmlhttp://secunia.com/advisories/48050http://www.securityfocus.com/bid/52098https://exchange.xforce.ibmcloud.com/vulnerabilities/73353http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.htmlhttp://secunia.com/advisories/48050http://www.securityfocus.com/bid/52098https://exchange.xforce.ibmcloud.com/vulnerabilities/73353
2012-10-08
Published