CVE-2018-19922

Published: Dec 6, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/logern5/c1000a_xss/blob/master/README.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-19922

Description

Affected Products

References