CVE-2018-6527 — Cross-site Scripting in Dlink Dir-860l Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 29.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-860l Firmware Dlink Dir-865l Firmware Dlink Dir-868l Firmware

Timeline

PublishedMar 6

Latest updateMay 24

Description

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDdlink/dir-860l_firmwarea1_fw110b04

▶NVDdlink/dir-865l_firmwarereva_firmware_patch_1.08.b01

▶NVDdlink/dir-868l_firmwarea1_fw112b04

🔴Vulnerability Details

GHSA

GHSA-vvr3-vw4g-8mj8: XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map↗2022-05-24

▶

CVEList

CVE-2018-6527: XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map↗2018-03-06

▶