Console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user sends crafted text to a serial port that has logging enabled, the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.
In firmware 4.5.0 and later releases, the serial port log data is filtered and sanitized prior to display.
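The following is an added example, not the vendor's firmware code: one way to filter and sanitize raw serial log data before it is placed in an HTML log view. The function names `sanitize_log_line` and `render_log` and the sample lines are assumptions made for illustration.

```python
import html
import re

# ANSI/VT100 escape sequences (CSI and two-character forms) common in console output.
_ANSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]|\x1b[@-Z\\-_]")
# C0/C1 control characters other than tab and newline.
_CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")

# Constructed sample log lines (not captured from a real device).
SAMPLE_LINES = [
    b"login: admin\r\n",
    b"\x1b[31mERR\x1b[0m link down\r\n",
    b"motd: <script>alert(1)</script>\r\n",
]


def sanitize_log_line(raw: bytes) -> str:
    """Return an HTML-safe rendering of one raw serial log line."""
    # Serial data is arbitrary bytes; replace undecodable ones instead of failing.
    text = raw.decode("utf-8", errors="replace")
    # Filter: drop terminal escape sequences, then any remaining control bytes.
    text = _ANSI_RE.sub("", text)
    text = _CTRL_RE.sub("", text)
    # Sanitize: escape after filtering, so markup that only becomes
    # contiguous once control bytes are removed is still neutralized.
    return html.escape(text, quote=True)


def render_log(lines) -> str:
    """Build the <pre> block for the log viewer from raw log lines."""
    body = "\n".join(sanitize_log_line(line.rstrip(b"\r\n")) for line in lines)
    return "<pre>" + body + "</pre>"


if __name__ == "__main__":
    print(render_log(SAMPLE_LINES))
```
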