Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 188.8.131.52, EAX80 before 184.108.40.206, EX7500 before 220.127.116.11, R7900 before 18.104.22.168, R8000 before 22.214.171.124, RAX200 before 126.96.36.199, RBS40V before 188.8.131.52, RBW30 before 184.108.40.206, MR60 before 220.127.116.11, RAX20 before 18.104.22.168, RAX45 before 22.214.171.124, RAX80 before 126.96.36.199, MS60 before 188.8.131.52, RAX15 before 184.108.40.206, RAX50 before 220.127.116.11, RAX75 before 18.104.22.168, RBR750 before 22.214.171.124, RBR850 before 126.96.36.199, RBS750 before 188.8.131.52, RBS850 before 184.108.40.206, RBK752 before 220.127.116.11, and RBK852 before 18.104.22.168.
CWE-79 - Cross Site Scripting
Cross-Site Scripting, commonly referred to as XSS, is the most dominant class of vulnerabilities. It allows an attacker to inject malicious code into a pregnable web application and victimize its users. The exploitation of such a weakness can cause severe issues such as account takeover, and sensitive data exfiltration. Because of the prevalence of XSS vulnerabilities and their high rate of exploitation, it has remained in the OWASP top 10 vulnerabilities for years.