XSS on Nanostation Loco M2 Airmax
Medium
U
Ubiquiti Inc.
Submitted None
Team Summary
Official summary from Ubiquiti Inc.
The researcher demonstrated that an unauthenticated POST request with crafted parameters could cause reflected-XSS due to lack of input sanitization on airOS v5.6.8. Fixes have been released with airOS v5.6.15 and airOS v6.0.1.
Actions:
Reported by
grampae
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic