Title: RouterOS v6.36.2 - Cross Site Scripting
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Risk: (3/5)
Release Date: 11.11.2016

Summary:
MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

Vendor: http://www.mikrotik.com/
Affected Version: v6.36.2
Tested On: Linux // Dist (Bugtraq 2)
Vendor Status: I told them and I am waiting for the answer.

PoC:
Using this vulnerability, JavaScript code can be injected. To test it, you must first log in to the router configuration interface; once logged in, the XSS can be tested like this:

* http://routerip/webfig/#">

Credits: Vulnerability discovered by Nassim Asrir
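Added example, not part of the original advisory and not MikroTik's code: the `">` that opens the PoC fragment has the shape of a quoted-attribute breakout, so this sketch assumes a client-side page that copies the URL fragment into an HTML attribute, and shows that weak pattern beside two corrected ones. All function names, the route list and the `<i>marker</i>` test value are constructed for illustration.

```javascript
// Hypothetical fragment handling for a web admin page (assumption: webfig's
// real code is not shown in the advisory).

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Return the percent-decoded fragment of a URL string ('' if there is none).
function fragmentOf(url) {
  const i = url.indexOf('#');
  if (i < 0) return '';
  const raw = url.slice(i + 1);
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

// Weak: fragment concatenated into a quoted attribute without escaping.
function renderLinkUnsafe(url) {
  return '<a class="menu" href="#' + fragmentOf(url) + '">current page</a>';
}

// Corrected (1): contextual output escaping keeps the value inside the attribute.
function renderLinkEscaped(url) {
  return '<a class="menu" href="#' + escapeHtml(fragmentOf(url)) + '">current page</a>';
}

// Corrected (2): only accept fragments that name a known view (constructed list).
const KNOWN_ROUTES = new Set(['Interfaces', 'IP.Firewall', 'System.Users']);
function routeFor(url) {
  const f = fragmentOf(url);
  return KNOWN_ROUTES.has(f) ? f : 'Interfaces';
}

// Count opening tags in generated markup; more than one means the value
// escaped its attribute and created new elements.
function tagCount(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed test value: a harmless marker element after the "> prefix.
const SAMPLE = 'http://routerip/webfig/#"><i>marker</i>';
console.log('unsafe :', tagCount(renderLinkUnsafe(SAMPLE)), 'tags');
console.log('escaped:', tagCount(renderLinkEscaped(SAMPLE)), 'tag');
console.log('route  :', routeFor(SAMPLE));
```

Because the fragment never reaches the server, this class of issue does not show up in the router's HTTP request log; the fix has to be in the client-side code that consumes `location.hash`.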