CVE-2020-26801 – A stored cross-site scripting (XSS) vulnerability was discovered in /Form

4 years ago

A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users’ information via a crafted POST request.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26801

Reference (s):

http://su2200rtxl2ua.com
http://tripplite.com
https://www.blacklanternsecurity.com/2021-06-21-Tripplite-CVE/