| |
Vulnerability CVE-2013-5223
Published: 2013-11-18 Modified: 2013-11-19
| Description: |
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. |
CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.5/10 |
2.9/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://xforce.iss.net/xforce/xfdb/88724
http://xforce.iss.net/xforce/xfdb/88723
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
http://seclists.org/fulldisclosure/2013/Nov/76
http://packetstormsecurity.com/files/123976
http://osvdb.org/99616
http://osvdb.org/99615
http://osvdb.org/99613
http://osvdb.org/99612
http://osvdb.org/99611
http://osvdb.org/99610
http://osvdb.org/99609
http://osvdb.org/99608
http://osvdb.org/99607
http://osvdb.org/99606
http://osvdb.org/99605
http://osvdb.org/99604
http://osvdb.org/99603
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
