CVE-2015-1028
D-Link DSL-2730B - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
Exploits (3)
exploitdb
WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/35747
exploitdb
WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/35750
exploitdb
WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/35751
Scores
EPSS
0.2108
EPSS Percentile
95.7%
Details
CWE
CWE-79
Status
published
Products (1)
dlink/dsl-2730b_firmware
ge_1.01
Published
Jan 21, 2015
Tracked Since
Feb 18, 2026