GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ge multilin_b30_firmware |
||
ge multilin_b90_firmware |
||
ge multilin_c60_firmware |
||
ge multilin_c70_firmware |
||
ge multilin_c95_firmware |
||
ge multilin_d30_firmware |
||
ge multilin_d60_firmware |
||
ge multilin_f35_firmware |
||
ge multilin_f60_firmware |
||
ge multilin_g30_firmware |
||
ge multilin_g60_firmware |
||
ge multilin_l30_firmware |
||
ge multilin_l60_firmware |
||
ge multilin_l90_firmware |
||
ge multilin_m60_firmware |
||
ge multilin_n60_firmware |
||
ge multilin_t35_firmware |
||
ge multilin_t60_firmware |
||
ge multilin_c30_firmware |
Vulmon