CVE-2021-43661

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 56.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink Ex300 V2 Firmware
Timeline
PublishedMar 31
Latest updateApr 1

Description

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDtotolink/ex300_v2_firmware4.0.3c.140_b20210429

🔴Vulnerability Details

2
GHSA
GHSA-hg29-53rh-m9vp: totolink EX300_v2 V42022-04-01
CVEList
CVE-2021-43661: totolink EX300_v2 V42022-03-30
CVE-2021-43661 (MEDIUM CVSS 6.1) | totolink EX300_v2 V4.0.3c.140_B2021 | cvebase.io