Описание
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
Ссылки
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.35068
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
EPSS
Процентиль: 97%
0.35068
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79