header-logo
Suggest Exploit
vendor:
OfficeConnect Secure Router
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: OfficeConnect Secure Router
Affected Version From: 1.04-168
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:officeconnect:secure_router:1.04-168
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Cross-Site Scripting Vulnerability in OfficeConnect Secure Router

The OfficeConnect Secure Router is vulnerable to cross-site scripting attacks. An attacker can exploit this vulnerability to launch attacks on unsuspecting users by injecting malicious code into the affected website. This can lead to the theft of cookie-based authentication credentials and other attacks.

Mitigation:

It is recommended to update to the latest firmware version to mitigate this vulnerability. Additionally, input validation and output encoding should be implemented to prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24374/info

OfficeConnect Secure Router is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects OfficeConnect Secure Router firmware 1.04-168; other versions may also be affected. 

http://example.com/cgi-bin/admin?page=1&tk=>[xss]

Navigation

Suggest Exploit

Services By CQR