CVE-2022-25172: XSS
First published: Thu May 12 2022(Updated: )
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Inhandnetworks Ir302 Firmware | <=3.5.4 | |
| Inhandnetworks Ir302 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/type
- agent/tags
- agent/last-modified-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/inhandnetworks
- canonical/inhandnetworks ir302 firmware
- version/inhandnetworks ir302 firmware/3.5.4
- canonical/inhandnetworks ir302