Edimax GS-5008PL Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Edimax GS-5008PL switch, affecting firmware versions through 1.00.54. The issue resides in the system_name_set.cgi script, where the sysName parameter can be manipulated to inject arbitrary script code. This injected script executes when an administrator views certain management pages, including system_data.js.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected management pages.

Added: Mar 17, 2026, 10:24 PM

Updated: Mar 17, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

4.6

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

4.6

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Edimax GS-5008PL Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

Edimax GS-5008PL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating