5.4
CVE-2017-5256
- EPSS 0.3%
- Published 20.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
- Source cve@rapid7.com
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
Data is provided by the National Vulnerability Database (NVD)
Cambiumnetworks ≫ Epmp 1000 Firmware Version <= 3.5
Cambiumnetworks ≫ Epmp 2000 Firmware Version <= 3.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.499 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.