Vulnerabilities > CVE-2021-30172 - Unspecified vulnerability in Junhetec Omnidirectional Communication System 2007.1901
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS (Cross-site scripting) attacks, additionally access and manipulate customer’s information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |