PT-2023-23005 · Unknown · X-Wrt Luci

40826D

Published: 2023-06-03 · Updated: 2024-05-17 · CVE-2023-3085

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: X-WRT luci versions up to 22.10 b202303061504

Description: A problematic issue has been found in the 404 Error Template Handler component, affecting the function run action of the file modules/luci-base/ucode/dispatcher.uc. The manipulation of the argument request path leads to cross-site scripting. The attack may be initiated remotely.

Recommendations: To address this issue, upgrade to version 22.10 b202303121313. As a temporary workaround, consider restricting access to the run action function of the dispatcher.uc file until the patch is applied. Additionally, avoid manipulating the request path argument in the affected component to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-3085

Affected Products: X-Wrt Luci