CVE-2018-18291

MEDIUM

ASUS RT-AC58U 3.0.0.4.380_6516 - Cross-Site Scripting via Multiple Pages

Title source: llm
STIX 2.1

Description

A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/remix30303/AsusXSS/

Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 44.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
asus/rt-ac58u_firmware 3.0.0.4.380.6516
Published Oct 14, 2018
Tracked Since Feb 18, 2026