CVE-2023-29772Cross-site Scripting in Rt-ac51u Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.2MEDIUMNVD
EPSS
2.5%
top 14.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Rt-ac51u Firmware
Timeline
PublishedMay 2

Description

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.7

Affected Packages1 packages

NVDasus/rt-ac51u_firmware3.0.0.4.380.8591

🔴Vulnerability Details

2
CVEList
CVE-2023-29772: A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware ve2023-05-02
GHSA
GHSA-fpmj-g27c-jx6m: A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware ve2023-05-02
CVE-2023-29772 — Cross-site Scripting in Asus | cvebase