Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microchip syncserver_s100_firmware 2.90.70.3 |
||
microchip syncserver_s200_firmware 1.30 |
||
microchip syncserver_s250_firmware 1.25 |
||
microchip syncserver_s300_firmware 2.65.0 |
||
microchip syncserver_s350_firmware 2.80.1 |