CVE-2014-0620
Technicolor TC7200 STD6.01.12 - Cross-Site Scripting via ADDNewDomain or VmTracerouteHost Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-0620. PoCs published by Jeroen - IT Nerdbox.
AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in Technicolor TC7200 devices. It includes proof-of-concept payloads for both persistent and reflected XSS attacks, targeting specific endpoints and parameters.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Exploits (1)
This exploit demonstrates multiple XSS vulnerabilities in Technicolor TC7200 devices. It includes proof-of-concept payloads for both persistent and reflected XSS attacks, targeting specific endpoints and parameters.