CVE-2018-13022
The Xiaomi Mi Router 3 (firmware version 2.22.15) is affected by a cross-site scripting (XSS) vulnerability in the API 404 page. The issue enables an attacker to inject and execute arbitrary JavaScript by supplying a crafted URL path. Public references across CNVD/CVE records confirm the same des...