PT-2021-6849 · Openwrt · Openwrt
Published
2021-12-27
·
Updated
2023-05-24
·
CVE-2021-45905
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenWrt version 21.02.1
Description
The issue exists due to inadequate protection of the web page structure in the OpenWrt embedded operating system. This allows for a potential Cross-Site Scripting (XSS) attack via the Traffic Rules Name screen, which could enable a remote attacker to impact the confidentiality and integrity of protected information.
Recommendations
For OpenWrt version 21.02.1, update to a newer version that includes a fix for this issue to prevent potential XSS attacks.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openwrt