5.4
CVSSv3

CVE-2018-10164

CVSSv4: NA | CVSSv3: 5.4 | CVSSv2: 3.5 | VMScore: 640 | EPSS: 0.00117 | KEV: Not Included
Published: 03/05/2018 Updated: 21/11/2024

Vulnerability Summary

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

Vulnerable Product Search on Vulmon Subscribe to Product

tp-link eap controller 2.5.4

tp-link eap controller 2.6.0

Exploits

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities ...