CVE-2010-0936
published 2010-03-08
CVE-2010-0936: Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary…
Priority: P4 · 19 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.52% (71.5th percentile)
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dkvm-ip8 | — | — |
VulDB
D-LINK DKVM-IP8 2282 Dlinka4 P8 20071213 auth.asp nickname cross site scripting (EDB-11030 / XFDB-55429)
vuldb·2026-05-02·CVSS 4.3
CVE-2010-0936 [MEDIUM] D-LINK DKVM-IP8 2282 Dlinka4 P8 20071213 auth.asp nickname cross site scripting (EDB-11030 / XFDB-55429)
A vulnerability, which was classified as problematic, has been found in D-LINK DKVM-IP8 2282 Dlinka4 P8 20071213. Affected is an unknown function of the file auth.asp. Performing a manipulation of the argument nickname results in cross site scripting.
This vulnerability is known as CVE-2010-0936. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-wv69-7r49-cw5h: Cross-site scripting (XSS) vulnerability in auth
ghsa_unreviewed·2022-05-02
CVE-2010-0936 [MEDIUM] CWE-79 GHSA-wv69-7r49-cw5h: Cross-site scripting (XSS) vulnerability in auth
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
No detection rules found.
Exploit-DB
D-Link DKVM-IP8 - Cross-Site Scripting
exploitdb·2010-01-06
CVE-2010-0936 D-Link DKVM-IP8 - Cross-Site Scripting
---
# Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
# Date: 01-06-2010
# Author: POPCORN
# Software Link: http://www.dlink.ru/
# Version: 2282_dlinkA4_p8_20071213
# Tested on: Windows Sp 2
# Site : http://Hacking.ge
# Code :
POST http://site.com80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">
Exploit-DB
D-Link DKVM-IP8 - 'auth.asp' Cross-Site Scripting
exploitdb·2010-01-06
CVE-2010-0936 D-Link DKVM-IP8 - 'auth.asp' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/37646/info
D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following example data is available:
The POST variable nickname has been set to 1>">">
No writeups or analysis indexed.
http://osvdb.org/61615
http://secunia.com/advisories/38051
http://www.exploit-db.com/exploits/11030
http://www.securityfocus.com/bid/37646
http://www.vupen.com/english/advisories/2010/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/55429
Published: 2010-03-08