CVE-2017-7296

MEDIUM

Contiki Operating System 3.0 - XSS

Title source: llm

Description

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98790

[Third Party Advisory] https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e

Scores

CVSS v3 6.1

EPSS 0.0023

EPSS Percentile 46.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

n/a/n/a

contiki-os/contiki

Published May 28, 2017

Tracked Since Feb 18, 2026