Vulnerabilities > Dlink > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-06 CVE-2019-13374 Cross-site Scripting vulnerability in Dlink Central Wifimanager 1.03
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
network
low complexity
dlink CWE-79
6.1
6.1
2019-04-18 CVE-2019-11017 Cross-site Scripting vulnerability in Dlink Di-524 Firmware 2.06Ru
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
network
low complexity
dlink CWE-79
4.8
4.8
2019-04-01 CVE-2018-17989 Cross-site Scripting vulnerability in Dlink Dsl-3782 Firmware 1.01
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page.
network
low complexity
dlink CWE-79
5.4
5.4
2019-01-31 CVE-2018-15516 Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
network
high complexity
dlink CWE-918
5.8
5.8
2018-10-08 CVE-2018-17443 Cross-site Scripting vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-79
6.1
6.1
2018-10-08 CVE-2018-17441 Cross-site Scripting vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-79
6.1
6.1
2018-09-12 CVE-2018-16605 Cross-site Scripting vulnerability in Dlink Dir-600M Firmware
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
network
low complexity
dlink CWE-79
5.4
5.4
2018-08-25 CVE-2018-15875 Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
network
low complexity
dlink CWE-79
6.1
6.1
2018-08-25 CVE-2018-15874 Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
network
low complexity
dlink CWE-79
6.1
6.1
2018-07-05 CVE-2018-12103 Incorrect Authorization vulnerability in multiple products
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions).
low complexity
dlink d-link CWE-863
6.5
6.5