CVE-2024-28403
TOTOLINK X2000R (before V1.0.0-B20231213.1013) is vulnerable to Cross Site Scripting (XSS) via the VPN Page. The root cause cited is lack of proper filtering/escaping of user-supplied data on the VPN Page. No remediation or fix version is specified in the provided documents. Exploitation details ...