CVE-2008-1253

Currently unrated

Key Information:

Vendor
D-link
Status
Dsl-g604t
Vendor
CVE Published:
10 March 2008

Summary

Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.gnucitizen.org/projects/router-hacking-challenge/
x_refsource_MISC
http://www.securityfocus.com/bid/28439
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.