CVE-2018-18880

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
18/06/2019
Last modified:
18/06/2019

Description

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:columbiaweather:weather_microserver_firmware:ms_2.6.9900:*:*:*:*:*:*:*
cpe:2.3:h:columbiaweather:weather_microserver:-:*:*:*:*:*:*:*