CVE-2018-19922

CVE-2018-19922

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the ‘TodUrlAdd’ URL parameter in a /urlfilter.cmd POST request.

Source: CVE-2018-19922

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다