Vulnerability
Description
Because of an incorrect implementation of sanitise() in inc/libmisc.php, NeDi 1.9C is vulnerable to XSS. This function tries to escape the SCRIPT tag from user-controllable values, however it can be quickly bypassed, as shown by an IMG element’s onerror attribute as a Devices-Config.php?sta= value.
Recommendations
- Update NeDi 1.9C to the latest version
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
