A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
oryginał ENCVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XTp Link Oc200
HWTp-Link12Tp Link Oc200 Firmware
OSTp-Link< 2.22.9< 1.37.9Tp Link Oc220
HWTp-Link1Tp Link Oc220 Firmware
OSTp-Link< 1.2.9Tp Link Oc300
HWTp-Link1.6Tp Link Oc300 Firmware
OSTp-Link< 1.31.9Tp Link Oc400
HWTp-Link1.6Tp Link Oc400 Firmware
OSTp-Link< 1.9.9Tp Link Omada Controller
APPTp-Link< 6.0.0.34< 6.0.0.100< 6.0.0.24
Powiązane podatności
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to ma...
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link...
Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...