First published: Tue May 25 2021
A stored cross-site scripting (XSS) vulnerability was discovered in the web interface of OpenWrt LuCI version 19.07. It allows attackers to inject arbitrary JavaScript into the OpenWrt hostname via the Hostname Change operation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenWrt OpenWrt | =19.07.0 | |
The severity of CVE-2021-33425 is medium with a score of 5.4.
CVE-2021-33425 allows attackers to inject arbitrary JavaScript into the OpenWrt hostname via the Hostname Change operation in OpenWrt LuCI version 19.07.
To fix the XSS vulnerability, update OpenWrt LuCI to a patched version or apply the recommended security patches provided by OpenWrt.
Yes, you can find more information about CVE-2021-33425 on the OpenWrt website and in the OSS-Security mailing list.
The CWE category of CVE-2021-33425 is CWE-79 (Cross-Site Scripting).