Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-08 | CVE-2018-17443 | Cross-site Scripting vulnerability in Dlink Central Wifimanager An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. | 6.1 |
| 2018-10-08 | CVE-2018-17441 | Cross-site Scripting vulnerability in Dlink Central Wifimanager An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. | 6.1 |
| 2018-09-12 | CVE-2018-16605 | Cross-site Scripting vulnerability in Dlink Dir-600M Firmware D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | 5.4 |
| 2018-08-25 | CVE-2018-15875 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | 6.1 |
| 2018-08-25 | CVE-2018-15874 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | 6.1 |
| 2018-07-05 | CVE-2018-12103 | Incorrect Authorization vulnerability in multiple products An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). | 6.5 |
| 2018-04-16 | CVE-2018-10108 | Cross-site Scripting vulnerability in Dlink Dir-815 Firmware D-Link DIR-815 REV. | 6.1 |
| 2018-04-16 | CVE-2018-10107 | Cross-site Scripting vulnerability in Dlink Dir-815 Firmware D-Link DIR-815 REV. | 6.1 |
| 2018-03-06 | CVE-2018-6529 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | 6.1 |
| 2018-03-06 | CVE-2018-6528 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | 6.1 |