Stored XSS Vulnerability in D-Link DSL-3782 Device Web Interface
CVE-2018-17989
5.4MEDIUM
What is CVE-2018-17989?
The D-Link DSL-3782 device's web interface is susceptible to a stored XSS vulnerability that affects firmware version 1.01. This flaw allows authenticated attackers to inject malicious JavaScript or HTML code onto the Access Control List (ACL) page. When a user subsequently accesses the ACL page, the injected payload executes within their browser, potentially compromising user data and session security. It is essential for users of the D-Link DSL-3782 to be aware of this vulnerability and apply necessary updates or mitigations to protect against potential exploitation.