CVE-2018-8827

EUVD-2018-20435
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
technicolortg789vac_firmware
16.3.7190-2761005-20161004084353
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://45.32.113.185/075a6fa2d5db3bf3457896bee6db6787.html
http://45.32.113.185/075a6fa2d5db3bf3457896bee6db6787.html