CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1207
https://notcve.org/view.php?id=CVE-2016-1207
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en dispositivos I-O DATA DEVICE WN-G300R con firmware 1.12 y versiones anteriores, dispositivos WN-G300R2 con firmware 1.12 y versiones anteriores, y dispositivos WN-G300R3 con firmware 1.01 y versiones anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN22978346/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000062 http://www.iodata.jp/support/information/2016/wn-g300r_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •