Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.