CVE-2021-33425: XSS
First published: Tue May 25 2021(Updated: )
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenWrt OpenWrt | =19.07.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-33425?
The severity of CVE-2021-33425 is medium with a score of 5.4.
How does CVE-2021-33425 affect OpenWRT Luci version 19.07?
CVE-2021-33425 allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation in OpenWRT Luci version 19.07.
How can I fix the XSS vulnerability in OpenWRT Luci version 19.07 (CVE-2021-33425)?
To fix the XSS vulnerability, update your OpenWRT Luci version to a patched version or apply the recommended security patches provided by OpenWRT.
Is there a link to more information about CVE-2021-33425?
Yes, you can find more information about CVE-2021-33425 on the OpenWRT website and in the OSS-Security mailing list.
What is the CWE category of CVE-2021-33425?
The CWE category of CVE-2021-33425 is CWE-79 (Cross-Site Scripting).
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/openwrt
- canonical/openwrt openwrt
- version/openwrt openwrt/19.07.0