CVE-2013-7389 in DIR-645info

Summary

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/07/2014

Disclosure

07/07/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
70293	D-Link DIR-645 cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9858	D-Link DIR-645 bsc_sms_send.php cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9857	D-Link DIR-645 bind.php cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9856	D-Link DIR-645 authentication.cgi cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9855	D-Link DIR-645 hedwig.cgi cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9854	D-Link DIR-645 post_login.xml cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389
9845	D-Link DIR-645 info.php cross site scripting	79	Proof-of-Concept	Official fix	CVE-2013-7389

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!