Abdelrahman Khaled

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer C60 version 3 **Description** The device allows execution of arbitrary JavaScript code through a crafted URL due to improper encoding of user-controlled input reflected in the HTML output. An attacker could potentially steal credentials, hijack sessions, or perform unintended actions by targeting privileged users within the device's web user interface context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.