CVE-2019-10634 (nas326_firmware)

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
Source: NIST
CVE-2019-10634 (nas326_firmware)