Vulnerabilities > Openwrt > Luci
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-41435 | Cross-site Scripting vulnerability in Openwrt Luci Git22.140.6620602913Be OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. | 5.4 |
| 2021-05-25 | CVE-2021-27821 | Cross-site Scripting vulnerability in Openwrt Luci The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. | 4.3 |
| 2020-03-23 | CVE-2020-10871 | Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42 In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. | 5.3 |
| 2019-05-23 | CVE-2019-12272 | OS Command Injection vulnerability in Openwrt Luci In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | 7.5 |