XSS Vulnerability in D-Link DIR Series Routers
CVE-2018-6529

6.1MEDIUM

Key Information:

Vendor: D-Link
Status: Dir-860l Firmware
Vendor: CVE Published:; 6 March 2018

What is CVE-2018-6529?

A Cross-Site Scripting (XSS) vulnerability exists in the D-Link DIR-868L, DIR-865L, and DIR-860L routers, which allows remote attackers to exploit the htdocs/webinc/js/bsc_sms_inbox.php file. By crafting a malicious Treturn parameter in requests to soap.cgi, attackers can potentially read sensitive cookie data. This vulnerability highlights the importance of keeping router firmware up to date to mitigate security risks.