CVE-2023-39678: XSS in BDCOM OLT P3310D-2AC

A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

July 29, 2023

**XSS in BDCOM OLT P3310D-2AC**

VolkNwn

Device Type: P3310D

BIOS Version: 0.4.2

Firmware Version: 10.1.0F Build 69083

A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Steps to Reproduce:

1. Connect via telnet

2. Use a payload as your username.

Example: <script>alert('XSS');</script>

3. Go to the Log Query page.

Info:

https://t.me/volknwn 2023
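
The steps above describe a stored XSS: a username typed at the telnet login is saved in the log and later written into the Log Query page. As an added example (not BDCOM firmware code and not the reporter's), the Python below contrasts rendering a log row without encoding against output-encoded rendering, and flags stored usernames that contain HTML metacharacters. The log line format, field names and function names are assumptions; the sample log lines are constructed.

```python
import html
import re

# Constructed sample log lines in a hypothetical "time|source|event|username"
# format; the device's real log format is not shown in the advisory.
SAMPLE_LOG = [
    "2023-07-29 10:01:12|telnet|login failed|admin",
    "2023-07-29 10:02:40|telnet|login failed|<script>alert('XSS');</script>",
    "2023-07-29 10:03:05|web|login ok|operator",
]

FIELDS = ("time", "source", "event", "username")
# HTML metacharacters: meaningful to a browser, unexpected in a login name.
MARKUP = re.compile(r"[<>\"'&]")


def parse(line):
    """Split one log line; maxsplit keeps any '|' typed into the username
    inside the last field instead of shifting the columns."""
    return dict(zip(FIELDS, line.split("|", len(FIELDS) - 1)))


def render_row_unsafe(entry):
    """The flawed pattern: stored fields concatenated straight into HTML."""
    return "<tr>" + "".join(f"<td>{entry[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_safe(entry):
    """The fix: output-encode every stored field at render time."""
    cells = (html.escape(entry[f], quote=True) for f in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def suspicious_usernames(lines):
    """Detection: entries whose username field carries HTML metacharacters."""
    return [e for e in map(parse, lines) if MARKUP.search(e["username"])]


if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(render_row_safe(parse(raw)))
    for hit in suspicious_usernames(SAMPLE_LOG):
        print("flagged:", hit["time"], hit["source"], repr(hit["username"]))
```

Encoding at render time covers every path that writes to the log (telnet, web, any other login source), which is why it is applied to all fields rather than only to input from one interface.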
