The ASUS RT-AX88U is a wireless router from Asus (China). The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a stored cross-site scripting (XSS) attack by uploading an image containing JavaScript code after logging in to the device with normal user privileges.