Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25786

Опубликовано: 19 сент. 2020
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00678
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-5x8h-xjj6-w38j

CVSS3: 6.1
github
больше 3 лет назад

** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.

EPSS

Процентиль: 71%
0.00678
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79