P3310D
Monthly
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 Build 86345 via the Owner parameter on the New RMON Statistics Page allows authenticated remote attackers to inject malicious scripts. The vulnerability requires user interaction (clicking a crafted link) and high-privilege access to exploit, limiting real-world risk despite public exploit availability. The vendor has not responded to disclosure attempts.
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 10.1.0F-86345 allows authenticated remote attackers with high privileges to inject malicious scripts via the Owner parameter on the New RMON History Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Stored cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 86345 allows authenticated remote attackers to inject malicious scripts via the Description parameter in the rmon event Tab component. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting practical exploitation scope. Public exploit code is available; however, the low CVSS score (2.4) reflects the authentication barrier and limited confidentiality/availability impact.
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 10.1.0F Build 86345 allows high-privileged authenticated users to inject malicious scripts via the User name parameter in the New User Page (/index.asp), affecting only the injecting user's session due to session-scoped impact. Public exploit code is available, but exploitation requires administrative credentials and user interaction (form submission), significantly limiting real-world attack surface despite the remote attack vector.
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 Build 86345 via the Owner parameter on the New RMON Statistics Page allows authenticated remote attackers to inject malicious scripts. The vulnerability requires user interaction (clicking a crafted link) and high-privilege access to exploit, limiting real-world risk despite public exploit availability. The vendor has not responded to disclosure attempts.
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 10.1.0F-86345 allows authenticated remote attackers with high privileges to inject malicious scripts via the Owner parameter on the New RMON History Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Stored cross-site scripting (XSS) in BDCOM P3310D 0.4.2 build 86345 allows authenticated remote attackers to inject malicious scripts via the Description parameter in the rmon event Tab component. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting practical exploitation scope. Public exploit code is available; however, the low CVSS score (2.4) reflects the authentication barrier and limited confidentiality/availability impact.
Reflected cross-site scripting (XSS) in BDCOM P3310D 0.4.2 10.1.0F Build 86345 allows high-privileged authenticated users to inject malicious scripts via the User name parameter in the New User Page (/index.asp), affecting only the injecting user's session due to session-scoped impact. Public exploit code is available, but exploitation requires administrative credentials and user interaction (form submission), significantly limiting real-world attack surface despite the remote attack vector.