Security Advisory 2021-08-01-2 - Stored XSS in hostname UCI variable (CVE-2021-33425)
DESCRIPTION Multiple OpenWrt LuCI templates, including the one shipped by default, integrated the content of the UCI hostname variable without stripping it from malicious JavaScript. This allowed an attacker, which can control the content of the UCI hostname variable, to inject a arbitrary...