CVE-2018-25035

LOW

Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via EmailAddress/SmtpServerName Parameter

Title source: llm
STIX 2.1

Description

A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://alquimistadesistemas.com/auditando-router-thomson-tcw710
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.126696

Scores

CVSS v3 3.5
EPSS 0.0054
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-80 CWE-79
Status published
Products (1)
technicolor/thomson_tcw710_firmware st5d.10.05
Published Jun 12, 2022
Tracked Since Feb 18, 2026