ID
VAR-E-201409-0270
TITLE
Airties Air6372SO Modem Web Interface 'top.html' Cross Site Scripting Vulnerability
Trust: 0.3
DESCRIPTION
Airties Air6372SO modem web interface is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | airties | model: | air6372so | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URI is available:
http://www.example.com/top.html?productboardtype=<b>H4x0reSec</b> <script>alert(document.cookie)</script>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
KnocKout
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 69762 | Trust: 0.3 |
REFERENCES
| url: | http://www.airties.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 69762 |
LAST UPDATE DATE
2022-07-27T09:21:50.814000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 69762 | date: | 2014-09-09T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 69762 | date: | 2014-09-09T00:00:00 |