Volknwn

**Name of the Vulnerable Software and Affected Versions** BDCOM OLT P3310D-2AC version 10.1.0F Build 69083 **Description** A cross-site scripting (XSS) vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `username` parameter. This vulnerability enables attackers to potentially steal user sessions, hijack user accounts, or perform other malicious actions. **Recommendations** For BDCOM OLT P3310D-2AC version 10.1.0F Build 69083, as a temporary workaround, consider restricting access to the Log Query page until a patch is available. Additionally, avoid using the `username` parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.