Filtered by vendor Openwrt
                         Subscriptions
                    
                    
                
                        Filtered by product Luci
                         Subscriptions
                    
                    
                
                    Total
                    8 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2025-57389 | 1 Openwrt | 2 Luci, Openwrt | 2025-10-17 | 5.4 Medium | 
| A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0. | ||||
| CVE-2022-41435 | 1 Openwrt | 1 Luci | 2025-05-05 | 5.4 Medium | 
| OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | ||||
| CVE-2024-20104 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt6781 and 22 more | 2025-04-24 | 8.4 High | 
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772. | ||||
| CVE-2023-24181 | 1 Openwrt | 1 Luci | 2025-02-11 | 5.4 Medium | 
| LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. | ||||
| CVE-2021-27821 | 1 Openwrt | 1 Luci | 2024-11-21 | 6.1 Medium | 
| The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. | ||||
| CVE-2020-10871 | 1 Openwrt | 1 Luci | 2024-11-21 | 5.3 Medium | 
| In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further | ||||
| CVE-2019-12272 | 1 Openwrt | 1 Luci | 2024-11-21 | N/A | 
| In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | ||||
| CVE-2024-51240 | 1 Openwrt | 1 Luci | 2024-11-06 | 8 High | 
| An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package | ||||
                            
                                
                                
                                    Page 1 of 1.