Vulnerabilities > Totolink > A3002Ru Firmware > 1.0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-13309 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | 4.3 |
| 2018-11-26 | CVE-2018-13308 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | 4.3 |