CVE-2019-19222

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.8%

top 25.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dsl-2680 Firmware

Timeline

PublishedMar 4

Latest updateMay 24

Description

A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDdlink/dsl-2680_firmware1.03

🔴Vulnerability Details

GHSA

GHSA-v59f-mhqw-x2vc: A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1↗2022-05-24

▶

CVEList

CVE-2019-19222: A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1↗2020-03-04

▶