| Title | Edimax BR6288ACL v1.12 Cross Site Scripting |
|---|
| Description | The vulnerability exists in the wiz_WISP24gmanual.asp page, where user input from the manualssid field is directly passed to the configuration without proper sanitization. This allows an attacker to inject malicious JavaScript, which is stored in the router’s configuration. When the configuration is accessed again, the injected payload executes, leading to Stored Cross-Site Scripting (XSS). |
|---|
| Source | ⚠️ https://tzh00203.notion.site/EDIMAX-BR6288ACL-v1-12-XSS-via-wiz_WISP24gmanual-asp-Configuration-2eeb5c52018a802e8ed9f6d000f7a6aa?source=copy_link |
|---|
| User | tian (UID 93438) |
|---|
| Submission | 01/21/2026 05:29 (5 months ago) |
|---|
| Moderation | 02/05/2026 14:20 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 344493 [Edimax BR-6288ACL up to 1.12 wiz_WISP24gmanual.asp wiz_WISP24gmanual manualssid cross site scripting] |
|---|
| Points | 17 |
|---|