Vulnerabilities > Openwrt > Luci

DATE CVE VULNERABILITY TITLE RISK
2023-04-10 CVE-2023-24181 Cross-site Scripting vulnerability in Openwrt Luci 22.03.3
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
network
low complexity
openwrt CWE-79
5.4
2022-11-03 CVE-2022-41435 Cross-site Scripting vulnerability in Openwrt Luci Git22.140.6620602913Be
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js.
network
low complexity
openwrt CWE-79
5.4
2021-05-25 CVE-2021-27821 Cross-site Scripting vulnerability in Openwrt Luci
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
network
low complexity
openwrt CWE-79
6.1
2020-03-23 CVE-2020-10871 Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services.
network
low complexity
openwrt CWE-200
5.3
2019-05-23 CVE-2019-12272 OS Command Injection vulnerability in Openwrt Luci
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
network
low complexity
openwrt CWE-78
critical
9.8