XSS Vulnerability in D-Link 6600-AP and DWL-3600AP Devices
CVE-2019-14338
6.1MEDIUM
What is CVE-2019-14338?
A vulnerability exists in the D-Link 6600-AP and DWL-3600AP devices due to an XSS flaw in the management interface. When an authenticated user accesses the admin.cgi?action= page, they can be subjected to cross-site scripting attacks, allowing attackers to inject malicious scripts. This could lead to unauthorized actions being performed on behalf of the user, such as accessing sensitive data or compromising the device's configuration.