CVE-2014-1407

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*
cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*

Information

Published : 2014-01-10 08:47

Updated : 2015-08-07 10:59


NVD link : CVE-2014-1407

Mitre link : CVE-2014-1407


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

conceptronic

  • c54apm
  • c54apm_firmware