Unauthenticated Reflected XSS in uhttpd in OpenWrt and LEDE

Unauthenticated Reflected XSS in uhttpd in OpenWrt and LEDE

CVE-2018-19630 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.

Learn more about our Web Application Penetration Testing UK.