Vulnerability Details CVE-2018-20503
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html
- https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html
- https://www.exploit-db.com/exploits/46237/
- http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html
- https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html
- https://www.exploit-db.com/exploits/46237/
Products affected by CVE-2018-20503
-
cpe:2.3:h:alliedtelesis:8100l/8:-
-
cpe:2.3:o:alliedtelesis:8100l/8_firmware:-