CVE-2021-41445

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-x1860 Firmware

Timeline

PublishedFeb 10

Latest updateFeb 11

Description

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDdlink/dir-x1860_firmware1.03

Patches

Patch: supportannouncement.us.dlink.com ↗Patch: supportannouncement.us.dlink.com ↗

🔴Vulnerability Details

GHSA

GHSA-2fvg-vjrp-6xv7: A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1↗2022-02-11

▶

CVEList

CVE-2021-41445: A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1↗2022-02-10

▶