Stored XSS Vulnerability in D-Link DSL-2680 Web Administration Interface
CVE-2019-19222

5.4MEDIUM

Key Information:

Vendor

D-Link
Status
Dsl-2680 Firmware
Vendor
CVE Published:
4 March 2020

What is CVE-2019-19222?

The D-Link DSL-2680 web administration interface is susceptible to a Stored XSS vulnerability. Authenticated attackers can exploit this weakness by submitting a specially crafted POST request to the info.html page. This allows the injection of arbitrary JavaScript code, potentially enabling attackers to execute malicious scripts within the context of the user's session, leading to unauthorized actions and data exposure.

References

https://www.ftc.gov/system/files/documents/cases/dlink_pr...
x_refsource_MISC
https://www.dlink.com/en/security-bulletin
x_refsource_MISC
https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabili...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.