Abbcdec

**Name of the Vulnerable Software and Affected Versions** OpenWrt versions prior to the version with the fixed LuCI openwrt-22.03 branch LuCI openwrt-22.03 branch git-22.361.69894-438c598 **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability in the sshkeys.js component of the LuCI interface in OpenWrt. This vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks. The vulnerability is due to insufficient protection of the web page structure. **Recommendations** For OpenWrt versions prior to the version with the fixed LuCI openwrt-22.03 branch, consider disabling access to the /system/sshkeys.js component until a patch is available. For LuCI openwrt-22.03 branch git-22.361.69894-438c598, update to a version that includes the fix for the stored XSS vulnerability. As a temporary workaround, restrict access to the vulnerable sshkeys.js component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LuCI openwrt-22.03 branch git-22.361.69894-438c598 **Description** A reflected cross-site scripting (XSS) issue was found in LuCI via the component "/openvpn/pageswitch.htm". This allows for potential XSS attacks. **Recommendations** For LuCI openwrt-22.03 branch git-22.361.69894-438c598, as a temporary workaround, consider restricting access to the "/openvpn/pageswitch.htm" component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.