Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
References
Link | Resource |
---|---|
http://www.exploit-db.com/exploits/35747 | Exploit |
http://www.exploit-db.com/exploits/35750 | Exploit |
http://www.exploit-db.com/exploits/35751 | Exploit |
http://www.xlabs.com.br/blog/?p=339 | Exploit |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2015-01-21 15:28
Updated : 2024-02-28 12:20
NVD link : CVE-2015-1028
Mitre link : CVE-2015-1028
CVE.ORG link : CVE-2015-1028
JSON object : View
Products Affected
dlink
- dsl-2730b
- dsl-2730b_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')