CVE-2020-15895

MEDIUM NUCLEI

Dlink Dir-816l Firmware - XSS

Title source: rule

Description

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.

Nuclei Templates (1)

D-Link DIR-816L 2.x - Cross-Site Scripting

MEDIUMby edoardottt

Shodan: html:"DIR-816L" || http.html:"dir-816l"

FOFA: body="dir-816l"

References (2)

[Exploit, Third Party Advisory] https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/

[Patch, Vendor Advisory] https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169

Scores

CVSS v3 6.1

EPSS 0.1373

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

dlink/dir-816l_firmware 2.06

dlink/dir-816l_firmware 2.06.b09 beta

Published Jul 22, 2020

Tracked Since Feb 18, 2026