Vulnerabilities > TP Link > EAP Controller > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-03 CVE-2018-10165 Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality.
network
low complexity
tp-link CWE-79
5.4
5.4
2018-05-03 CVE-2018-10164 Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality.
network
low complexity
tp-link CWE-79
5.4
5.4