In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2017-12-20T22:00:00

Updated: 2024-08-05T14:55:35.813Z

Reserved: 2017-01-09T00:00:00

Link: CVE-2017-5256

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-12-20T22:29:00.400

Modified: 2024-11-21T03:27:22.610

Link: CVE-2017-5256

cve-icon Redhat

No data.