CVE-2018-6528
published 2018-03-06CVE-2018-6528: XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-860l_firmware | <= a1_fw110b04 | — |
| dlink | dir-865l_firmware | <= reva_firmware_patch_1.08.b01 | — |
| dlink | dir-868l_firmware | <= a1_fw112b04 | — |