CVE-2017-5256 - AskarLabs CVE Database

CVE-2017-5256

Vendor Cambium Networks

Product ePMP

Weakness CWE-79 · XSS

Published December 20, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

Key dates

02Disclosure timeline

December 20, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-5256

Related vulnerabilities

04Related CVE

CVE-2025-15632 1Panel-dev MaxKB MdPreview chat.ts cross site scripting CVE-2023-34452 Grav vulnerable to Self Cross Site Scripting in /forgot_password CVE-2021-24180 Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) CVE-2025-30545 WordPress issuuPress plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-29030 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack