vendor:
SI2000 Callisto 821+
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Request Forgery and HTML-Injection
Unknown
CWE
Product Name: SI2000 Callisto 821+
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Platforms Tested:
Unknown
Iskratel SI2000 Callisto 821+ Cross-Site Request Forgery and HTML-Injection Vulnerabilities
The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities. An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks. The attacker can exploit the HTML-injection issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered. Other attacks are also possible.
Mitigation:
Unknown