Description
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf
Exploit x_refsource_misc
http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php
Scores
EPSS
0.0016
EPSS Percentile
36.3%
Details
CWE
CWE-79
Status
published
Products (2)
linksys/ea6500
linksys/ea6500_firmware
1.1.28.147876
Published
Sep 29, 2014
Tracked Since
Feb 18, 2026