Search criteria
3 vulnerabilities found for wrt300n by linksys
VAR-200803-0166
Vulnerability from variot - Updated: 2025-04-10 21:54Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. User supplied data (from the "recipient" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. Wrt300n is prone to a cross-site scripting vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt300n",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt300n",
"scope": "eq",
"trust": 0.9,
"vendor": "linksys",
"version": "2.00.20"
},
{
"model": "wrt300n",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "2.00.20"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.6,
"vendor": "matt",
"version": "1.0"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.6,
"vendor": "matt",
"version": "1.9"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
}
],
"sources": [
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:wrt300n",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery information is not currently known.",
"sources": [
{
"db": "BID",
"id": "2080"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-1243",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-31368",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-1243",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31368",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. \nA web server can use a remote site\u0027s FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, \"Matt Wright FormMail Remote Command Execution Vulnerability\". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. \nUser supplied data (from the \"recipient\" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. Wrt300n is prone to a cross-site scripting vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "VULHUB",
"id": "VHN-31368"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1243",
"trust": 2.8
},
{
"db": "XF",
"id": "300",
"trust": 0.9
},
{
"db": "XF",
"id": "41121",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121",
"trust": 0.7
},
{
"db": "BID",
"id": "2079",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BID",
"id": "81418",
"trust": 0.4
},
{
"db": "BID",
"id": "2080",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-31368",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"id": "VAR-200803-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T21:54:34.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"trust": 2.0,
"url": "http://code.bulix.org/koom78-65490"
},
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41121"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1243"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1243"
},
{
"trust": 0.6,
"url": "http://www.worldwidemart.com/scripts/formmail.shtml"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/static/300.php"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/bid/2079"
},
{
"trust": 0.3,
"url": "http://www.guard.dubna.ru/cgibug.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31368"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "81418"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31368"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "81418"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-121"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT300N Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
}
],
"trust": 0.6
}
}
CVE-2008-1243 (GCVE-0-2008-1243)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.bulix.org/koom78-65490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.bulix.org/koom78-65490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://code.bulix.org/cx46qa-65489",
"refsource": "MISC",
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"name": "http://code.bulix.org/koom78-65490",
"refsource": "MISC",
"url": "http://code.bulix.org/koom78-65490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1243",
"datePublished": "2008-03-10T17:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1243 (GCVE-0-2008-1243)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.bulix.org/koom78-65490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.bulix.org/koom78-65490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://code.bulix.org/cx46qa-65489",
"refsource": "MISC",
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"name": "linksys-wrt300n-dyndnsdomain-xss(41121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"name": "http://code.bulix.org/koom78-65490",
"refsource": "MISC",
"url": "http://code.bulix.org/koom78-65490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1243",
"datePublished": "2008-03-10T17:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}