Multiple Reflected and Stored XSS Vulnerabilities in MediaKind RX8200 5.13.3 Devices

Multiple Reflected and Stored XSS Vulnerabilities in MediaKind RX8200 5.13.3 Devices

CVE-2020-22158 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code.

Learn more about our User Device Pen Test.