# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
 
# Google Dork: N/A
 
# Date: 02-03-2014
 
# Exploit Author: Jeroen - IT Nerdbox
 
# Vendor Homepage: http://www.ubeeinteractive.com/
 
# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
 
# Version: All
 
# Tested on: N/A
 
# CVE : N/A
 
#
 
## Description:
 
#
 
# The SSID and Device name settings in the wireless configuration do not
sanitize their input.
 
#
 
# The VPN Tunnel name is also vulnerable for persistent XSS
 
#
 
## PoC:
 
#
 
#   Entering the following payload in one of these fields will execute
javascript:
 
#
 
#  "><input onmouseover=prompt(1)>  or "><button
onclick=prompt(1)>XSS</button>
 
#
 
#
 
# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/