| عنوان | D-link DIR-818LW Firmware version: 1.04 Firmware version: 1.04 Cross Site Scripting |
|---|
| الوصف | In the 'bsc_lan.php' file, in the parameter 'Name' an unrestricted Cross-Site Scripting (XSS) vulnerability and injection attacks exist in the "D-link DIR-818LW", specifically targeting the 'Name' parameter in 'DHCP reserved address' . The function executes the user-supplied parameter without validation. Malicious attackers can leverage this vulnerability to access sensitive client information.
script: <img/src/onerror=prompt(8)> |
|---|
| المصدر | ⚠️ http://x.x.x.x:1080/bsc_lan.php |
|---|
| المستخدم | Edcarlos (UID 53778) |
|---|
| ارسال | 04/08/2025 07:39 PM (9 أشهر منذ) |
|---|
| الاعتدال | 13/08/2025 09:07 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 320032 [D-Link DIR-818LW 1.04 DHCP Reserved Address /bsc_lan.php الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|