Skip to main content
CVE-2021-3014 MEDIUM POC This Month

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik XSS Routeros
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21494 MEDIUM POC This Month

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mk Auth
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy