CVE-2019-20070
MEDIUM WAF: High
CVSS 6.1
Published: 2019-12-30
CWE-79
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netis-systems | dl4343_firmware | - |
References
- drive.google.com (Exploit, Third Party Advisory)
- drive.google.com (Exploit, Third Party Advisory)
- fatihhcelik.blogspot.com (Exploit, Third Party Advisory)