Cross-Site Scripting Vulnerability in D-Link DAP 1150
CVE-2014-3761

Currently unrated

Key Information:

Vendor: D-Link
Status: Dap 1150 Firmware; Dap 1150
Vendor: CVE Published:; 16 May 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the D-Link DAP 1150 owing to improper handling of the res_buf parameter in the index.cgi file located within the Control/URL-filter section. This flaw allows remote attackers to inject arbitrary web scripts or HTML, potentially compromising user sessions or redirecting users to malicious websites. Addressing this vulnerability is crucial for maintaining the integrity of web applications and safeguarding user data.

References

http://seclists.org/fulldisclosure/2014/Apr/246

mailing-listx_refsource_FULLDISC

http://websecurity.com.ua/7112

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 16, 2014