Unrated severityNVD Advisory· Published Dec 9, 2021· Updated Aug 3, 2024

CVE-2021-20137

Description

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.

Affected products

Chatwoot/Gryphon Tower Routerv5
Range: <= 04.0004.12 (Current)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tenable.com/security/research/tra-2021-51mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000