MitreCVELIST:CVE-2013-5223CVE-2013-5223
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
References
osvdb.org/99603
osvdb.org/99604
osvdb.org/99605
osvdb.org/99606
osvdb.org/99607
osvdb.org/99608
osvdb.org/99609
osvdb.org/99610
osvdb.org/99611
osvdb.org/99612
osvdb.org/99613
osvdb.org/99615
osvdb.org/99616
packetstormsecurity.com/files/123976
seclists.org/fulldisclosure/2013/Nov/76
securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
exchange.xforce.ibmcloud.com/vulnerabilities/88723
exchange.xforce.ibmcloud.com/vulnerabilities/88724
Related
