First published: Mon Nov 26 2018(Updated: )
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Totolink A3002ru Firmware | =1.0.8 | |
TOTOLINK A3002RU |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-13312 is a cross-site scripting vulnerability in notice_gen.htm in TOTOLINK A3002RU version 1.0.8.
CVE-2018-13312 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
CVE-2018-13312 has a severity rating of 6.1, which is considered medium.
TOTOLINK A3002RU version 1.0.8 is affected by CVE-2018-13312.
To fix CVE-2018-13312, update TOTOLINK A3002RU firmware to a version that is not vulnerable.