A cross-site scripting vulnerability exists in TOTOLINK A3002RU, a wireless router product from Taiwan-based TOTOLINK, which stems from the lack of validation of client-side data for the productβs ability to modify the Description and Service Name fields. An attacker could execute client-side code through this vulnerability.