CVE-2024-4224
July 15, 2024, 9:15 p.m.
Tags
Product(s) Impacted
TP-Link TL-SG1016DE
- TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616
- TL-SG1016DE(UN) V7_1.0.1 Build 20240628
Description
An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG1016DE(UN) V7_1.0.1 Build 20240628.
Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE ID: 79Date
Published: July 15, 2024, 9:15 p.m.
Last Modified: July 15, 2024, 9:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@takeonme.org