| عنوان | D-Link DIR-816 1.01TO Cross Site Scripting |
|---|
| الوصف | In the 'cgi-bin/webproc' directory within the user account, there is an unrestricted stored Cross-Site Scripting (XSS) vulnerability and injection attacks on the 'SSID' parameter of the "D-Link DIR-816" system. This function executes the user parameter without restrictions. To view the script in action, simply access the 'Setup' directory.
Malicious attackers can exploit this vulnerability to obtain sensitive information from clients. |
|---|
| المصدر | ⚠️ http://x.x.x.x:8080/cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic |
|---|
| المستخدم | Fergod (UID 55882) |
|---|
| ارسال | 14/02/2025 06:00 PM (1 سنة منذ) |
|---|
| الاعتدال | 17/02/2025 11:10 AM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 296023 [D-Link DIR-816 1.01TO index.html&var:menu=24gwlan&var:page=24G_basic SSID البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|