* Xavi 7968 ADSL Router 0 and prior
The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.
An attacker must trick an unsuspecting victim into following a malicious URI to exploit these issues. An attacker can exploit the HTML-injection issues through a browser.