CHIYU IoT XSS Vulnerability CVE-2021-31250 Scanner Detail
Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
Some Advice for Common Problems
- You need to apply related fixes.
- Sanitize all parameters received as input from the user.