CVE-2018-10700

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
2.2%
top 15.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moxa Awk-3121 Firmware
Timeline
PublishedJun 7
Latest updateMay 24

Description

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vq47-4ffr-fmjh: An issue was discovered on Moxa AWK-3121 12022-05-24
CVEList
CVE-2018-10700: An issue was discovered on Moxa AWK-3121 12019-06-07
CVE-2018-10700 (MEDIUM CVSS 6.1) | An issue was discovered on Moxa AWK | cvebase.io