Design/Logic Flaw

2020-09-1920:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

CPENameOperatorVersion
dir-645_firmwareeq1.6.0-b1
dir-803_firmwareeq1.4.0-b2
dir-815_firmwareeq2.7.0-b1
dir-816l_firmwareeq2.06
dir-816l_firmwareeq2.6.b9 beta
dir-860l_firmwareeq1.10.0-b4
dir-865l_firmwareeq1.8.0-b1

Name	Operator	Version
dir-645_firmware	eq	1.6.0-b1
dir-803_firmware	eq	1.4.0-b2
dir-815_firmware	eq	2.7.0-b1
dir-816l_firmware	eq	2.06
dir-816l_firmware	eq	2.6.b9 beta
dir-860l_firmware	eq	1.10.0-b4
dir-865l_firmware	eq	1.8.0-b1