Cross-Site Scripting Vulnerability in TOTOLINK A3002RU Router by TOTOLINK
CVE-2018-13312
6.1MEDIUM
What is CVE-2018-13312?
A cross-site scripting flaw exists in the notice_gen.htm component of the TOTOLINK A3002RU, allowing attackers to inject malicious JavaScript code. By exploiting this vulnerability through the 'Input your notice URL' field, an attacker could execute arbitrary scripts in the context of the user's session, potentially compromising sensitive user data and facilitating further attacks.