Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 184.108.40.206, EAX20 before 220.127.116.11, EAX80 before 18.104.22.168, EX6120 before 22.214.171.124, EX6130 before 126.96.36.199, EX7500 before 188.8.131.52, R7000 before 184.108.40.206, R7900 before 220.127.116.11, R8000 before 18.104.22.168, RAX200 before 22.214.171.124, RBS40V before 126.96.36.199, RBW30 before 188.8.131.52, EX3700 before 184.108.40.206, MR60 before 220.127.116.11, R7000P before 18.104.22.168, RAX20 before 22.214.171.124, RAX45 before 126.96.36.199, RAX80 before 188.8.131.52, EX3800 before 184.108.40.206, MS60 before 220.127.116.11, R6900P before 18.104.22.168, RAX15 before 22.214.171.124, RAX50 before 126.96.36.199, RAX75 before 188.8.131.52, RBR750 before 184.108.40.206, RBR850 before 220.127.116.11, RBS750 before 18.104.22.168, RBS850 before 22.214.171.124, RBK752 before 126.96.36.199, and RBK852 before 188.8.131.52.
CWE-79 - Cross Site Scripting
Cross-Site Scripting, commonly referred to as XSS, is the most dominant class of vulnerabilities. It allows an attacker to inject malicious code into a vulnerable web application and victimize its users. Exploitation of this weakness can cause severe issues such as account takeover and sensitive data exfiltration. Because XSS vulnerabilities are so prevalent and so frequently exploited, XSS has remained in the OWASP Top 10 vulnerabilities for years.