CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site scripting vulnerability.
3dbbd6127d694b4edcf1b718fd1acdcbca841f4fde9082ba044f21f713cb578dCellPipe Router XSS vulnerability
Device model : CellPipe 7130 RG 5Ae. M2013 HOL
*Software Version:* : *1.0.0.20h.HOL*
CVE: CVE-2015-4587
Date: 16/06/2015
Discovered by: DiLi
Vulnerability type: Stored XSS vulnerabilities in the router's web interface
Exploitation and Impact:
A cross site scripting vulnerability is shared among the router's
users. These can harm other users of the router. The malicious
javascript can be executed in the context
of an other user's browsers and allows several different attack
opportunities, mostly hijacking the
current session of the user. This happens because the user input is
interpreted as HTML/JavaScript by the browser.
For example at the "port triggering" menu at the "Custom application" field
we can add javascript like :
<script> alert(document.cookie)</script>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed