Marcin Zieba

**Name of the Vulnerable Software and Affected Versions** OpenWrt versions 18.06.0 through 18.06.4 **Description** The issue is related to a stored XSS vulnerability in LuCI, a component of OpenWrt. This vulnerability can be exploited via a crafted SSID, potentially allowing a remote attacker to perform cross-site scripting attacks. The vulnerability is associated with the lack of protection for the web page structure. **Recommendations** For OpenWrt versions 18.06.0 through 18.06.4, consider disabling the SSID crafting functionality until a patch is available. Restrict access to the LuCI interface to minimize the risk of exploitation. Avoid using crafted SSIDs in the affected OpenWrt versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 4.3.5 Qsync Central versions prior to 3.0.4 **Description** A cross-site scripting issue allows remote attackers to inject Javascript code into the compromised application. **Recommendations** For QTS versions prior to 4.3.5, update to version 4.3.5 or later to resolve the issue. For Qsync Central versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue.