vendor:
AIR5444TT
by:
Raif Berkay Dincel
6.1
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: AIR5444TT
Affected Version From: 1.0.0.18
Affected Version To: 1.0.0.18
Patch Exists: YES
Related CWE: CVE-2018-8738
CPE: a:airties:air5444tt
Metasploit:
N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=34210, https://www.infosecmatter.com/nessus-plugin-library/?id=72834, https://www.infosecmatter.com/nessus-plugin-library/?id=34211, https://www.infosecmatter.com/nessus-plugin-library/?id=33441, https://www.infosecmatter.com/nessus-plugin-library/?id=33447, https://www.infosecmatter.com/nessus-plugin-library/?id=37068, https://www.infosecmatter.com/nessus-plugin-library/?id=49017, https://www.infosecmatter.com/nessus-plugin-library/?id=33905
Platforms Tested: MacOS High Sierra, Linux Mint, Windows 10
2018
Airties AIR5444TT – Cross-Site Scripting
A vulnerability in Airties AIR5444TT could allow an unauthenticated attacker to inject malicious JavaScript code into the application. This vulnerability exists due to insufficient validation of user-supplied input in the 'page' and 'productboardtype' parameters of the 'top.html' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious JavaScript code to the vulnerable application. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the vulnerable application.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the software.
