https://www.exploit-db.com/exploits/23528
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-714

EdimaxAR-6004ADSLRouters的web管理界面存在跨站脚本（XSS)漏洞。远程攻击者借助URL注入任意web脚本。

source: http://www.securityfocus.com/bid/9374/info

Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://www.example.com/<script>alert('XSS')</script>

来源:XF
名称:edimax-ar6004-xss(14165)
链接:http://xforce.iss.net/xforce/xfdb/14165
来源:BID
名称:9374
链接:http://www.securityfocus.com/bid/9374
来源:BUGTRAQ
名称:20040106EDIMAXAR-6004FullRateADSLRouterCrossSiteScriptingVulnerabillity
链接:http://www.securityfocus.com/archive/1/349089
来源:OSVDB
名称:3435
链接:http://www.osvdb.org/3435
来源:SECTRACK
名称:1008643
链接:http://securitytracker.com/id?1008643
来源:SECUNIA
名称:10576
链接:http://secunia.com/advisories/10576