Cross-Site Scripting Vulnerability in D-Link Central WiFi Manager
CVE-2019-13374
6.1MEDIUM
What is CVE-2019-13374?
A cross-site scripting vulnerability exists in the resource view component of the D-Link Central WiFi Manager. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the passcode parameter in the index.php/Pay/passcodeAuth request. Unpatched installations prior to version 1.03R0100_BETA6 are particularly at risk, making it essential for users to apply the available updates to mitigate potential attacks.