Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)
DESCRIPTION Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system. REQUIREMENTS Users need to visit the LuCI “Connection status” page of the router and activate the host name...