Security Advisory

CVE-2018-19922

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-06 22:00:00

Last updated 2024-09-16 17:14:57

Assigner mitre

State PUBLISHED

Description

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the TodUrlAdd URL parameter in a /urlfilter.cmd POST request.

← Browse all CVEs View on cve.org ↗