CVE-2018-17989

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 74.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dsl-3782 Firmware
Timeline
PublishedApr 1
Latest updateMay 14

Description

A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-fjwf-g6jm-w4pq: A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 12022-05-14
CVEList
CVE-2018-17989: A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 12019-04-01
CVE-2018-17989 (MEDIUM CVSS 5.4) | A stored XSS vulnerability exists i | cvebase.io