CVE-2018-15875

MEDIUM

D-Link DIR-615 20.07 - Stored Cross-Site Scripting via UPnP AddPortMapping Description Field

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

Scores

CVSS v3 6.1
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
dlink/dir-615_firmware 20.07
Published Aug 25, 2018
Tracked Since Feb 18, 2026