On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).Referenceshttps://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMjhttps://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html
