6.1
CVE-2018-13134
- EPSS 2.33%
- Veröffentlicht 04.07.2018 08:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-link ≫ Archer C1200 Firmware Version1.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.33% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.exploit-db.com/exploits/45970/
https://www.xc0re.net/2018/05/25/tp-link-wireless-router-archer-c1200-cross-site-scripting/