Security Advisory

CVE-2021-20137

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-09 15:24:32

Last updated 2024-08-03 17:30:07

Assigner tenable

State PUBLISHED

Description

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower routers web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victims browser.

← Browse all CVEs View on cve.org ↗