Skip to main content

P3310D

4 CVEs product

Monthly

CVE-2026-6998 LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 Build 86345 via the Owner parameter on the New RMON Statistics Page allows authenticated remote attackers to inject malicious scripts. The vulnerability requires user interaction (clicking a crafted link) and high-privilege access to exploit, limiting real-world risk despite public exploit availability. The vendor has not responded to disclosure attempts.

XSS P3310D
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-6997 LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 10.1.0F-86345 allows authenticated remote attackers with high privileges to inject malicious scripts via the Owner parameter on the New RMON History Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

XSS P3310D
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-6996 LOW Monitor

Stored cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 86345 allows authenticated remote attackers to inject malicious scripts via the Description parameter in the rmon event Tab component. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting practical exploitation scope. Public exploit code is available; however, the low CVSS score (2.4) reflects the authentication barrier and limited confidentiality/availability impact.

XSS P3310D
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-6995 LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 10.1.0F Build 86345 allows high-privileged authenticated users to inject malicious scripts via the User name parameter in the New User Page (/index.asp), affecting only the injecting user's session due to session-scoped impact. Public exploit code is available, but exploitation requires administrative credentials and user interaction (form submission), significantly limiting real-world attack surface despite the remote attack vector.

XSS P3310D
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
EPSS 0% CVSS 1.9
LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 Build 86345 via the Owner parameter on the New RMON Statistics Page allows authenticated remote attackers to inject malicious scripts. The vulnerability requires user interaction (clicking a crafted link) and high-privilege access to exploit, limiting real-world risk despite public exploit availability. The vendor has not responded to disclosure attempts.

XSS P3310D
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 10.1.0F-86345 allows authenticated remote attackers with high privileges to inject malicious scripts via the Owner parameter on the New RMON History Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

XSS P3310D
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Stored cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 86345 allows authenticated remote attackers to inject malicious scripts via the Description parameter in the rmon event Tab component. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting practical exploitation scope. Public exploit code is available; however, the low CVSS score (2.4) reflects the authentication barrier and limited confidentiality/availability impact.

XSS P3310D
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 10.1.0F Build 86345 allows high-privileged authenticated users to inject malicious scripts via the User name parameter in the New User Page (/index.asp), affecting only the injecting user's session due to session-scoped impact. Public exploit code is available, but exploitation requires administrative credentials and user interaction (form submission), significantly limiting real-world attack surface despite the remote attack vector.

XSS P3310D
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy