VYPR

uhttpd

by LEDE

CVEs (1)

  • CVE-2018-19630MedNov 28, 2018
    risk 0.40cvss 6.1epss 0.01

    cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.