CVE-2018-19922

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.

MutationThreads/c1000a_xss
MutationThreads/c1000a_xssUNAVAILABLE
XSS Bug in the Actiontec C1000A
GitHubGitHub