CVE-2018-20503

Name of the Vulnerable Software and Affected Versions: Allied Telesis 8100L/8 devices (affected versions not specified)

Description: The issue allows for cross-site scripting (XSS) attacks. This is possible due to the lack of proper input validation in the vlanid or subnet mask parameters within the edit-ipv4 interface.php endpoint.

Recommendations: For Allied Telesis 8100L/8 devices, as a temporary workaround, consider restricting access to the edit-ipv4 interface.php endpoint until a patch is available. Avoid using the vlanid or subnet mask parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.