Cross-Site Scripting Vulnerability in Arris DG860A, TG862A, and TG862G Devices
CVE-2015-7290

Currently unrated

Key Information:

Vendor: Arris
Status: Na Model 862 Gw Mono Firmware
Vendor: CVE Published:; 21 November 2015

What is CVE-2015-7290?

A cross-site scripting (XSS) vulnerability exists in the web management interface of Arris DG860A, TG862A, and TG862G devices. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'pwd' parameter. Exploitation of this vulnerability can lead to unauthorized access, manipulation of web content, and potential exposure of sensitive user information.

References

http://www.kb.cert.org/vuls/id/419568

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2015
Vulnerability Reserved
Sep 18, 2015