CVE-2018-6529

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.6%

top 29.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-860l Firmware Dlink Dir-865l Firmware Dlink Dir-868l Firmware

Timeline

PublishedMar 6

Latest updateMay 24

Description

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDdlink/dir-860l_firmwarea1_fw110b04

▶NVDdlink/dir-865l_firmwarereva_firmware_patch_1.08.b01

▶NVDdlink/dir-868l_firmwarea1_fw112b04

🔴Vulnerability Details

GHSA

GHSA-xg32-wxx9-5grm: XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox↗2022-05-24

▶

CVEList

CVE-2018-6529: XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox↗2018-03-06

▶