提交 #501351: D-Link DIR-816 1.01TO Cross Site Scripting信息

标题D-Link DIR-816 1.01TO Cross Site Scripting
描述In the 'cgi-bin/webproc' directory within the user account, there is an unrestricted stored Cross-Site Scripting (XSS) vulnerability and injection attacks on the 'SSID' parameter of the "D-Link DIR-816" system. This function executes the user parameter without restrictions. To view the script in action, simply access the 'Setup' directory. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients.
来源⚠️ http://x.x.x.x:8080/cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic
用户
 Fergod (UID 55882)
提交2025-02-14 18時00分 (1 年前)
管理2025-02-17 11時10分 (3 days later)
状态已接受
VulDB条目296023 [D-Link DIR-816 1.01TO index.html&var:menu=24gwlan&var:page=24G_basic SSID 跨网站脚本]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!