Description
Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45841
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477220/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45842
Scores
EPSS
0.0033
EPSS Percentile
56.3%
Details
Status
published
Products (1)
siemens/gigaset_se361_wlan_router
0 firmware_1.00
Published
Aug 22, 2007
Tracked Since
Feb 18, 2026