CVE-2014-3761

Dlink Dap 1150 Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section.

References (2)

[Exploit] http://seclists.org/fulldisclosure/2014/Apr/246

[Exploit] http://websecurity.com.ua/7112

Scores

EPSS 0.0035

EPSS Percentile 57.5%

Details

CWE

CWE-79

Status published

Products (3)

dlink/dap_1150_firmware

dlink/dap_1150

n/a/n/a

Published May 16, 2014

Tracked Since Feb 18, 2026