Cross-site scripting vulnerability in the administration interface of UniFi Controller
An attacker can forge a special hostname and use script injection or cross-site scripting to make unauthorized changes or to inject arbitrary HTML content when the wireless client's information is rendered into the UI.
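The flaw class described above, shown as an added example that is not UniFi Controller code: a client-supplied hostname concatenated into markup, next to a version that encodes on output and flags names that are not valid RFC 1123 hostnames. The field names, the `suspect-hostname` class and the sample records are assumptions made for illustration.

```javascript
// Added example; not UniFi Controller code. All names and data are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// RFC 1123 hostname: dot-separated labels of 1-63 letters, digits or hyphens,
// no leading or trailing hyphen, at most 253 characters overall.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
function isValidHostname(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) return false;
  return name.split('.').every((label) => LABEL.test(label));
}

// Unsafe pattern: the client-supplied hostname reaches the page as markup.
function renderClientRowUnsafe(client) {
  return '<tr><td>' + client.mac + '</td><td>' + client.hostname + '</td></tr>';
}

// Hardened: every field is encoded on output. Nonconforming hostnames are
// also flagged so an operator can spot them; the flag is not the defence,
// the output encoding is.
function renderClientRow(client) {
  const flag = isValidHostname(client.hostname) ? '' : ' class="suspect-hostname"';
  return '<tr' + flag + '><td>' + escapeHtml(client.mac) + '</td><td>' +
    escapeHtml(client.hostname) + '</td></tr>';
}

// Constructed sample records (not taken from the advisory).
const sampleClients = [
  { mac: '00:11:22:33:44:55', hostname: 'laptop-01' },
  { mac: '00:11:22:33:44:66', hostname: '<b>printer</b>' },
];

function renderTable(clients) {
  return clients.map(renderClientRow).join('\n');
}

console.log(renderTable(sampleClients));
```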
Upgrade your UniFi Controller to version 2.3.6 or later.
The vulnerability was discovered by Moritz 'momo' Frenzel (firstname.lastname@example.org), who immediately contacted our team at Ubiquiti. Thanks also go to shackspace (Stuttgart hackerspace) for providing the infrastructure.