Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lg_project | lg | * |
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lg_project | lg | * |
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lg_project | lg | * |
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lg_project | lg | 1.01 |