CVE-2023-39678: XSS in BDCOM OLT P3310D-2AC
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
July 29, 2023
**XSS in BDCOM OLT P3310D-2AC**
VolkNwn
Device Type: P3310D
BIOS Version: 0.4.2
Firmware Version: 10.1.0F Build 69083
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
Steps to Reproduce:
1. Connect via telnet.
2. Use a payload as your username.
Example: `<script>alert('XSS');</script>`
3. Go to the Log Query page.
Info:
https://t.me/volknwn 2023
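
The flaw class described above, shown from the defender's side as an added example (not code from the BDCOM firmware or from the original advisory): a login name recorded in the device log is written into the Log Query page verbatim, next to a hardened version that HTML-escapes it first. The row format and the function names `html_escape`, `render_row_unsafe` and `render_row_safe` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (capacity cap). Returns the escaped length, or -1
 * if it does not fit; on failure dst is emptied so no partial entity leaks. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= cap) { dst[0] = '\0'; return -1; }
        if (rep) memcpy(dst + n, rep, len); else dst[n] = *src;
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Vulnerable pattern: the logged username goes into the markup unchanged.
 * The row layout is constructed for this example. */
int render_row_unsafe(const char *user, char *out, size_t cap)
{
    return snprintf(out, cap, "<tr><td>login attempt: %s</td></tr>", user);
}

/* Hardened pattern: encode at output time; oversize names fail closed. */
int render_row_safe(const char *user, char *out, size_t cap)
{
    char esc[256];
    if (html_escape(user, esc, sizeof esc) < 0)
        return snprintf(out, cap, "<tr><td>login attempt: [name too long]</td></tr>");
    return snprintf(out, cap, "<tr><td>login attempt: %s</td></tr>", esc);
}

int main(void)
{
    const char *user = "<script>alert('XSS');</script>"; /* example from the steps above */
    char row[512];
    render_row_unsafe(user, row, sizeof row); puts(row);
    render_row_safe(user, row, sizeof row);   puts(row);
    return 0;
}
```

Escaping when the row is rendered, rather than filtering at telnet login, covers every channel that can write a username into the log.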