CVE-2016-10699
MEDIUMD-Link DSL-2740E 1.00_BG_20150720 - Stored Cross-Site Scripting via Username and Password Fields
Title source: llmDescription
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101622
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-018/?fid=8411
Scores
CVSS v3
6.1
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
dlink/dsl-2740e_firmware
1.00_bg_20150720
Published
Oct 31, 2017
Tracked Since
Feb 18, 2026