CVE-2019-9725

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
Configurations

Configuration 1 (hide)

cpe:2.3:a:korenix:jetport_web_manager:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:korenix:jetport_5601_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetport_5601:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:korenix:jetport_5601f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetport_5601f:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:13

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634', 'name': 'https://medium.com/@bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634 -

Information

Published : 2019-03-12 20:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-9725

Mitre link : CVE-2019-9725

CVE.ORG link : CVE-2019-9725


JSON object : View

Products Affected

korenix

  • jetport_5601f_firmware
  • jetport_5601_firmware
  • jetport_web_manager
  • jetport_5601
  • jetport_5601f
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')