Xavi : Security Vulnerabilities, CVEs, CVSS score >= 2
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.
Max CVSS
6.8
EPSS Score
0.30%
Published
2012-10-08
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-10-08
Updated
2017-08-29
2 vulnerabilities found