Christopher Walker

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-SG108PE v5 (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the web management interface. This occurs because the `SYSNAM` configuration parameter is not properly sanitized during the configuration file import process. An attacker with administrator access can inject a malicious script into the device configuration, which is then executed in the administrator's browser when viewing the affected interface. This could lead to session cookie theft, unauthorized configuration changes, or exposure of sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.