CVE-2022-41435

openwrt/luci

on github

Published

November 3, 2022

Severity

CVSS v3:

5.4 MEDIUM

CVSS v2:

N/A

Description

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.

References

https://github.com/openwrt/luci/commit/944b55738e7f9685865d5298248b7fbd7380749e
https://gist.github.com/librick/eacf19bcfc5ca964e0882b4ef9864bf5

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:openwrt:luci:git-22.140.66206-02913be:::::::*	n/a	n/a	git-22.140.66206-02913be

External Links

NVD - CVE-2022-41435