| शीर्षक | D-Link DSL-2740R EU_01.15 Cross Site Scripting |
|---|
| विवरण | A stored Cross-Site Scripting (XSS) vulnerability was identified in the wireless configuration functionality of the router. By navigating to the Wireless Setup section and modifying the “Wireless Network Name (SSID)” field with a malicious payload such as "><img/src/onerror=prompt(8)>, the application fails to properly sanitize user input. The injected payload is then stored and later reflected in the Status page, where it is executed in the context of the user’s browser, as demonstrated by the triggered JavaScript prompt. This confirms that both input validation and output encoding are insufficient, allowing attackers to execute arbitrary scripts, potentially leading to session hijacking or unauthorized actions within the administrative interface. Implementing proper server-side validation and context-aware output encoding is recommended to mitigate this vulnerability. |
|---|
| स्रोत | ⚠️ http://admin:admin@x.x.x.x/ |
|---|
| उपयोगकर्ता | Havook (UID 71104) |
|---|
| सबमिशन | 06/04/2026 05:11 PM (22 दिन पहले) |
|---|
| संयम | 25/04/2026 04:15 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359607 [D-Link DSL-2740R EU_01.15 Wireless Setup Section Wireless Network Name क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 17 |
|---|