CVE-2019-13562

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 26.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-655 Firmware

Timeline

PublishedJul 11

Latest updateMay 24

Description

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDdlink/dir-655_firmware3.02b05

🔴Vulnerability Details

GHSA

GHSA-vp6c-8p2r-xgj3: D-Link DIR-655 C devices before 3↗2022-05-24

▶

CVEList

CVE-2019-13562: D-Link DIR-655 C devices before 3↗2019-07-11

▶