Amalcew

**Name of the Vulnerable Software and Affected Versions** Luci OpenWRT version 18.06.2 **Description** A reflected cross-site scripting (XSS) issue exists in the `/admin/system/packages` API endpoint of Luci OpenWRT. An attacker can execute arbitrary Javascript in a user's browser by providing a crafted payload. The vulnerable parameter is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.