Описание
User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.
EPSS
Процентиль: 23%
0.00077
Низкий
Дефекты
CWE-79
Связанные уязвимости
github
1 день назад
User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.
EPSS
Процентиль: 23%
0.00077
Низкий
Дефекты
CWE-79