CVE-2017-6443
Published 2017-03-15
CVE-2017-6443: Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter…
Priority P3 · 35 · medium · 6.1 CVSS 3.0
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EXPLOIT
EPSS: 3.33% (87.1th percentile)
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| epson | tmnet_webconfig | — | — |
CVSS provenance
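| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |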
No detection rules found.
Exploit-DB
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
exploitdb·2019-05-21·CVSS 8.1
CVE-2018-6443 [HIGH] Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
---
/*
Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution
Date: 2017-03-29
Exploit Author: Jakub Palaczynski
Vendor Homepage: https://www.broadcom.com/
CVE: CVE-2018-6443
Version:
Tested on Brocade Network Advisor 14.X.X versions. Other may also be affected.
Tested on EMC Connectrix Manager Converged Network Edition 14.4.1. Other may also be affected.
IBM Network Advisor seems to also be affected.
Info: Exploit uses hardcoded and undocumented credentials for JBoss JMX to execute arbitrary command on system.
*/
import javax.management.remote.*;
import javax.management.*;
import java.util.*;
import java.lang.*;
import java.io.*;
import java.net.*;
import com.sun.net.httpserver.*;
import ja
Exploit-DB
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
exploitdb·2017-03-03·CVSS 6.1
CVE-2017-6443 [MEDIUM] EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
---
# Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00
# Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00"
# Date: 3/3/2017
# Exploit Author: Michael Benich
# Vendor Homepage: https://www.epson-biz.com/
# Software Link: https://c4b.epson-biz.com/modules/community/index.php?content_id=50
# Version: 1.00
# CVE: CVE-2017-6443
# Contact: [email protected] // @benichmt1
#####################################################################################
Summary:
Persistent cross-site scripting (XSS) in the web interface of Epson's TMNet WebConfig Ver 1.00 application allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter.
Steps to reproduce:
1)Make a POST reque
No writeups or analysis indexed.