CVE-2018-10165
Published 2018-05-03
Priority P4 · 23 · medium · 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.61% (44.6th percentile)
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | eap_controller | — | — |
| tp-link | eap_controller | — | — |
CVSS provenance
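| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 7.1 | HIGH | — |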
GHSA
ghsa_unreviewed·2022-05-14
CVE-2018-10165 [MEDIUM] CWE-79 GHSA-3pm5-qmcr-c546: Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2
OSV
lcms2 vulnerabilities
osv·2018-09-20·CVSS 7.1
CVE-2016-10165 lcms2 vulnerabilities
Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165)

Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.