Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8508
Reference (s):
- BID:70892
- URL: http://www.securityfocus.com/bid/70892
- http://www.zerodayinitiative.com/advisories/ZDI-14-371/