[+] Unauthenticated
[+] Author: Usman Saeed (usman [at] xc0re.net)[+] Affected Version: Firmware version:1.13 Build 2018/01/24 rel.52299 EU
[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.[·] Reason: The remote webserver does notfilter special characters or illegal input.[+] Attack type: Remote
[+] Patch Status: Unpatched
[+] Exploitation:[!] The Cross-site scripting vector can be executed,as illustrated below
http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f
