Lucene search
MitreCVELIST:CVE-2018-6529HistoryMar 06, 2018 - 8:00 p.m.
CVE-2018-6529
2018-03-0620:00:00
mitre
www.cve.org
1
0.002 Low
EPSS
Percentile
58.6%
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
References
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto
Related
nvd
nvd
CVE-2018-6529
2018-03-06 20:29:00
prion
prion
Cross site scripting
2018-03-06 20:29:00
cve
cve
CVE-2018-6529
2018-03-06 20:29:00
openvas
openvas
D-Link DIR Routers Multiple Cookie Disclosure Vulnerabilities (Mar 2018)
2018-03-21 00:00:00