CVE-2024-28402

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 70.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink X2000r Firmware
Timeline
PublishedApr 11

Description

TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 1.7 | Impact: 3.7

Affected Packages1 packages

NVDtotolink/x2000r_firmware< 1.0.0-b20231213.1013

🔴Vulnerability Details

2
GHSA
GHSA-x5qq-mm82-fv4j: TOTOLINK X2000R before V12024-04-11
CVEList
CVE-2024-28402: TOTOLINK X2000R before V12024-03-21
CVE-2024-28402 (MEDIUM CVSS 5.9) | TOTOLINK X2000R before V1.0.0-B2023 | cvebase.io