3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.0%
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
CPE | Name | Operator | Version |
---|---|---|---|
dlink:dsl-2760u | dlink dsl-2760u | eq | - |
osvdb.org/99603
osvdb.org/99604
osvdb.org/99605
osvdb.org/99606
osvdb.org/99607
osvdb.org/99608
osvdb.org/99609
osvdb.org/99610
osvdb.org/99611
osvdb.org/99612
osvdb.org/99613
osvdb.org/99615
osvdb.org/99616
packetstormsecurity.com/files/123976
seclists.org/fulldisclosure/2013/Nov/76
securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
exchange.xforce.ibmcloud.com/vulnerabilities/88723
exchange.xforce.ibmcloud.com/vulnerabilities/88724