CVE-2013-5223

MEDIUM KEV

D-Link DSL-2760U Gateway - XSS

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

Exploits (2)

exploitdb WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/36988
exploitdb WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/36987

References (19)

Core 19
Core References
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99613
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/123976
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99611
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99609
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88723
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88724
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99605
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99607
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99608
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99606
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99610
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99604
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99615
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Nov/76
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99603
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99612
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99616

Scores

CVSS v3 5.4
EPSS 0.3008
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-03-25
VulnCheck KEV 2021-11-11
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2013-5063
CWE
CWE-79
Status published
Products (1)
dlink/dsl-2760u_firmware < 1.12
Published Nov 19, 2013
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026