Unsanitized User Input in Technicolor MediaAccess TG789vac v2 HP Log Viewer Interface Allows for XSS

CVE-2018-8827 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
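
The flaw class described above, as an added example that is not taken from the device firmware or from this advisory: a log viewer that writes a request's Referer value into HTML unencoded, next to the output-encoded form and a simple check for flagging such entries. The log entries, field names and function names are constructed for illustration.

```python
import html

# Constructed log entries (not from the device). The referer value is copied
# from the HTTP Referer header, which any unauthenticated client controls.
SAMPLE_LOG = [
    {"time": "10:15:02", "path": "/", "referer": "http://192.0.2.1/"},
    {"time": "10:15:09", "path": "/", "referer": "<script>alert(1)</script>"},
]

FIELDS = ("time", "path", "referer")


def render_row_unsafe(entry):
    """The flawed pattern: header values are concatenated into markup as-is."""
    return "<tr>" + "".join(f"<td>{entry[name]}</td>" for name in FIELDS) + "</tr>"


def render_row_safe(entry):
    """Output-encode every field at the point it enters the HTML context."""
    cells = (html.escape(str(entry[name]), quote=True) for name in FIELDS)
    return "<tr>" + "".join(f"<td>{cell}</td>" for cell in cells) + "</tr>"


def flag_suspicious(entries):
    """Return indexes of entries whose Referer holds characters that RFC 3986
    does not allow unencoded in a URI, a cheap signal of an injection attempt."""
    forbidden = set('<>"')
    return [i for i, e in enumerate(entries) if forbidden & set(e["referer"])]


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print("unsafe:", render_row_unsafe(entry))
        print("safe:  ", render_row_safe(entry))
    print("flagged entries:", flag_suspicious(SAMPLE_LOG))
```

Encoding at render time is the fix; the flagging check only helps triage existing log data and does not replace it.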
