Page 2 of 7 results (0.000 seconds)

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 1

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Cross-Site Request Forgery (CSRF) en la pantalla Basic Settings en dispositivos Vonage (Grandstream) HT802 permite que atacantes modifiquen la configuración. Esto se relaciona con cgi-bin/update. • https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en /cgi-bin/config2 en dispositivos Vonage (Grandstream) HT802 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante el campo ID de clase de proveedor DHCP (P148). • https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •