CVE-2021-21747
CVE-2021-21747 affects the ZTE MF971R router, with a reflective XSS in the web API. The vulnerability resides in the /api/xmlclient/post endpoint’s cmd parameter, which is not properly sanitized and is reflected in the HTTP response, enabling arbitrary JavaScript execution in the victim’s browser...