slin99

2 exploits Active since Apr 2025
CVE-2025-25427 WRITEUP MEDIUM WRITEUP
TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 - Stored Cross-Site Scripting via UPnP Port Mapping Description
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
CVSS 5.4
CVE-2025-25427 WRITEUP MEDIUM WORKING POC
TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 - Stored Cross-Site Scripting via UPnP Port Mapping Description
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
CVSS 5.4