Cross-Site Scripting in D-Link DIR-816L Devices
CVE-2020-15895

6.1 MEDIUM

Key Information:

Vendor
D-Link
CVE Published:
22 July 2020

Summary

An XSS vulnerability exists in D-Link DIR-816L devices due to insufficient output filtering in the web interface. The 'RESULT' parameter in the 'webinc/js/info.php' file is prone to manipulation, allowing attackers to inject malicious scripts that are executed in the context of the user's browser. This can lead to unauthorized actions, data theft, or the spread of malware to users accessing the compromised page.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
