var-201311-0288
Vulnerability from variot
D-Link DSL-2760U The gateway contains a cross-site scripting vulnerability.By the remotely authenticated user via the following parameters Web Script or HTML May be inserted. (1) sntpcfg.cgi of ntpServer1 Parameters (2) ddnsmngr.cmd of username Parameters (3) todmngr.tod of username Parameters (4) urlfilter.cmd of TodUrlAdd Parameters (5) scprttrg.cmd of appName Parameters (6) scoutflt.cmd of add In action fltName Parameters (7) scoutflt.cmd of remove In action rmLst Parameters (8) portmapcfg.cmd of groupName Parameters (9) snmpconfig.cgi of snmpRoCommunity Parameters (10) scinflt.cmd of fltName Parameters (11) prmngr.cmd of add In action PolicyName Parameters (12) prmngr.cmd of remove In action rmLst Parameters (13) ippcfg.cmd of ippName Parameters (14) samba.cgi of smbNetBiosName Parameters (15) samba.cgi of smbDirName Parameters (16) wlcfg.wl of wlSsid Parameters. The D-Link Router 2760N is a router device. There are multiple cross-site scripting and HTML injection vulnerabilities in the D-Link DSL-2760U-BN. Since the D-Link Router 2760N is handling NTS settings, dynamic DNS settings, URL filtering. NAT port processing, IP filtering, interface group, import IP filter, policy routing add, print server, SAMBA configuration, WIFI SSID incorrectly filter input, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks when malicious data is viewed When it can lead to sensitive information leakage or session hijacking. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. E1). The vulnerability is caused by (1) the sntpcfg.cgi script does not filter the 'ntpServer1' parameter correctly (2) the ddnsmngr.cmd or todmngr.tod script does not correctly Filter the 'username' parameter (3) The urlfilter.cmd script does not correctly filter the 'TodUrlAdd' parameter (4) The scprttrg.cmd script does not correctly filter the 'appName' parameter (5) The scoutflt.cmd script does not correctly filter the 'fltName' in the add operation 'rmLst' parameter in parameters and delete operations (6) portmapcfg.cmd script does not filter 'groupName' parameter correctly (7) snmpconfig.cgi script does not filter 'snmpRoCommunity' parameter correctly (8) scinflt.cmd script does not filter 'fltName' correctly 'Parameter (9) The prmngr.cmd script does not correctly filter the 'PolicyName' parameter in the add operation and the 'rmLst' parameter in the delete operation (10) The ippcfg.cmd script does not correctly filter the 'ippName' parameter (11) The samba.cgi script The 'smbNetBiosName' and 'smbDirName' parameters are not filtered correctly (12) The wlcfg.wl script does not filter the 'wlSsid' parameter correctly. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by using a specially crafted URL. Advisory: D-Link Router 2760N (DSL-2760U-BN) Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223
========================== Vulnerability Description ==========================
Multiple Cross-Site Scripting (XSS) vulnerabilities present in D-Link Router 2760N, both stored and reflected in various sections of the router Web-UI. 23-Aug-2013 - Vendor Re-Informed - No response. 01-Sep-2013 - Vendor Re-Informed - No response. 10-Sep-2013 - Vendor Re-Informed - No response. 10-Oct-2013 - Vendor Re-Informed - No response.
========================== References ==========================
http://www.dlink.com http://www.dlink.com.tr/en/arts/117.html http://www.netcheif.com/downloads/DSL-2760U_user_manual.pdf
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0288",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsl-2760u",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12"
},
{
"model": "dsl-2760u",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "(rev. e1)"
},
{
"model": "dsl-2760u-bn",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dsl-2760u",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dsl-2760u-bn",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "BID",
"id": "63648"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dsl-2760u",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Liad Mizrachi",
"sources": [
{
"db": "BID",
"id": "63648"
},
{
"db": "PACKETSTORM",
"id": "123976"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
}
],
"trust": 1.0
},
"cve": "CVE-2013-5223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-5223",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14456",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-65225",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2013-5223",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5223",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5223",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2013-14456",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-140",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-65225",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2013-5223",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-2760U The gateway contains a cross-site scripting vulnerability.By the remotely authenticated user via the following parameters Web Script or HTML May be inserted. (1) sntpcfg.cgi of ntpServer1 Parameters (2) ddnsmngr.cmd of username Parameters (3) todmngr.tod of username Parameters (4) urlfilter.cmd of TodUrlAdd Parameters (5) scprttrg.cmd of appName Parameters (6) scoutflt.cmd of add In action fltName Parameters (7) scoutflt.cmd of remove In action rmLst Parameters (8) portmapcfg.cmd of groupName Parameters (9) snmpconfig.cgi of snmpRoCommunity Parameters (10) scinflt.cmd of fltName Parameters (11) prmngr.cmd of add In action PolicyName Parameters (12) prmngr.cmd of remove In action rmLst Parameters (13) ippcfg.cmd of ippName Parameters (14) samba.cgi of smbNetBiosName Parameters (15) samba.cgi of smbDirName Parameters (16) wlcfg.wl of wlSsid Parameters. The D-Link Router 2760N is a router device. There are multiple cross-site scripting and HTML injection vulnerabilities in the D-Link DSL-2760U-BN. Since the D-Link Router 2760N is handling NTS settings, dynamic DNS settings, URL filtering. NAT port processing, IP filtering, interface group, import IP filter, policy routing add, print server, SAMBA configuration, WIFI SSID incorrectly filter input, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks when malicious data is viewed When it can lead to sensitive information leakage or session hijacking. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. E1). The vulnerability is caused by (1) the sntpcfg.cgi script does not filter the \u0027ntpServer1\u0027 parameter correctly (2) the ddnsmngr.cmd or todmngr.tod script does not correctly Filter the \u0027username\u0027 parameter (3) The urlfilter.cmd script does not correctly filter the \u0027TodUrlAdd\u0027 parameter (4) The scprttrg.cmd script does not correctly filter the \u0027appName\u0027 parameter (5) The scoutflt.cmd script does not correctly filter the \u0027fltName\u0027 in the add operation \u0027rmLst\u0027 parameter in parameters and delete operations (6) portmapcfg.cmd script does not filter \u0027groupName\u0027 parameter correctly (7) snmpconfig.cgi script does not filter \u0027snmpRoCommunity\u0027 parameter correctly (8) scinflt.cmd script does not filter \u0027fltName\u0027 correctly \u0027Parameter (9) The prmngr.cmd script does not correctly filter the \u0027PolicyName\u0027 parameter in the add operation and the \u0027rmLst\u0027 parameter in the delete operation (10) The ippcfg.cmd script does not correctly filter the \u0027ippName\u0027 parameter (11) The samba.cgi script The \u0027smbNetBiosName\u0027 and \u0027smbDirName\u0027 parameters are not filtered correctly (12) The wlcfg.wl script does not filter the \u0027wlSsid\u0027 parameter correctly. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by using a specially crafted URL. Advisory:\t\tD-Link Router 2760N (DSL-2760U-BN) Multiple XSS\nAuthor:\t\tLiad Mizrachi\nVendor URL:\thttp://www.dlink.com\nStatus:\t\tFixed\nCVE-ID:\t\tCVE-2013-5223\n\n==========================\nVulnerability Description\n==========================\n\nMultiple Cross-Site Scripting (XSS) vulnerabilities present in D-Link Router 2760N, both stored and reflected in various sections of the router Web-UI. \n23-Aug-2013 - Vendor Re-Informed - No response. \n01-Sep-2013 - Vendor Re-Informed - No response. \n10-Sep-2013 - Vendor Re-Informed - No response. \n10-Oct-2013 - Vendor Re-Informed - No response. \n\n==========================\nReferences\n==========================\n\n\nhttp://www.dlink.com\nhttp://www.dlink.com.tr/en/arts/117.html\nhttp://www.netcheif.com/downloads/DSL-2760U_user_manual.pdf\n\n\n",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "BID",
"id": "63648"
},
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "PACKETSTORM",
"id": "123976"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36987",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-65225",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "VULMON",
"id": "CVE-2013-5223"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5223",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "123976",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "99606",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99610",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99608",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99607",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99615",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99612",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99613",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99603",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99605",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99604",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99611",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99616",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "99609",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10002",
"trust": 1.8
},
{
"db": "BID",
"id": "63648",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14456",
"trust": 0.6
},
{
"db": "XF",
"id": "20135223",
"trust": 0.6
},
{
"db": "XF",
"id": "88723",
"trust": 0.6
},
{
"db": "XF",
"id": "88724",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20131110 D-LINK ROUTER 2760N (DSL-2760U-BN) MULTIPLE XSS",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "36987",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "36988",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65225",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-5223",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"db": "BID",
"id": "63648"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "PACKETSTORM",
"id": "123976"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"id": "VAR-201311-0288",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "VULHUB",
"id": "VHN-65225"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
}
]
},
"last_update_date": "2024-11-23T22:39:04.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10002",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2013/nov/76"
},
{
"trust": 1.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10002"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/123976"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99603"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99604"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99605"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99606"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99607"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99608"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99609"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99610"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99611"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99612"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99613"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99615"
},
{
"trust": 1.8,
"url": "http://osvdb.org/99616"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5223"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5223"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/63648"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/88724"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/88723"
},
{
"trust": 0.4,
"url": "http://www.dlink.com.tr/en/arts/117.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/36987/"
},
{
"trust": 0.1,
"url": "https://github.com/ostorlab/kev"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/ippcfg.cmd?action=savapply\u0026ippenabled=1\u0026ippmake=aa\u0026ippname=aa\";alert(\u0027xss-printer-sever\u0027);//"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/scinflt.cmd?action=add\u0026wanif=ppp0\u0026fltname=\u003cscript\u003ealert(\u0027xss\u0026protocol=2\u0026srcaddr=ss\u0027)\u003c/script\u003e\u0026srcmask=255.255.255.0\u0026srcport=80\u0026dstaddr=10.0.0.10\u0026dstmask=255.255.255.0\u0026dstport=8080"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/wlcfg.wl?wlssididx=0\u0026wlenbl=1\u0026wlhide=0\u0026wlapisolation=0\u0026wlssid=%3cscript%3ealert(%27xssid%27)%3c/script%3e\u0026wlcountry=il\u0026wlmaxassoc=16\u0026wldisablewme=0\u0026wlenablewmf=0\u0026wlenbl_wl0v1=0\u0026wlssid_wl0v1=wl0_guest1\u0026wlhide_wl0v1=0\u0026wlapisolation_wl0v1=0\u0026wldisablewme_wl0v1=0\u0026wlenablewmf_wl0v1=0\u0026wlmaxassoc_wl0v1=16\u0026wlenbl_wl0v2=0\u0026wlssid_wl0v2=wl0_guest2\u0026wlhide_wl0v2=0\u0026wlapisolation_wl0v2=0\u0026wldisablewme_wl0v2=0\u0026wlenablewmf_wl0v2=0\u0026wlmaxassoc_wl0v2=16\u0026wlenbl_wl0v3=0\u0026wlssid_wl0v3=wl0_guest3\u0026wlhide_wl0v3=0\u0026wlapisolation_wl0v3=0\u0026wldisablewme_wl0v3=0\u0026wlenablewmf_wl0v3=0\u0026wlmaxassoc_wl0v3=16"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/prmngr.cmd?action=add\u0026policyname=\u003cscript\u003ealert(\u0027x\u0026sourceip=ss\u0027);\u003c/script\u003e\u0026lanifcname=wl0\u0026wanif=ppp0\u0026defaultgw=10.0.0.111"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/samba.cgi?enablesmb=1\u0026smbnetbiosname=\u0027;var"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/ddnsmngr.cmd?action=add\u0026service=1\u0026hostname=aaaa\u0026username=%3cscript%3ealert(%27xss%27)%3c%2fscript%3e\u0026password=zzzzzz\u0026iface=ppp0"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/urlfilter.cmd?action=set_url\u0026todurladd=%3cscript%3ealert(%27xss%27)%3c/script%3e\u0026port_num=80"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5223"
},
{
"trust": 0.1,
"url": "http://www.dlink.com"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/scoutflt.cmd?action=add\u0026fltname=\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e\u0026protocol=1\u0026srcaddr=10.0.0.10\u0026srcmask=255.255.255.0\u0026srcport=80\u0026dstaddr=10.0.0.12\u0026dstmask=255.255.255.0\u0026dstport=8080"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/scoutflt.cmd?action=remove\u0026rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e"
},
{
"trust": 0.1,
"url": "http://www.netcheif.com/downloads/dsl-2760u_user_manual.pdf"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/samba.cgi?enablesmb=1\u0026smbnetbiosname=\u0027;alert(\"samba-x\u0026smbdirname=ss\");//\u0026smbutf8dirname=bbb\u0026smbcharset=utf8\u0026smbunplug=nolug=no"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/wlsecurity.html]"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/scprttrg.cmd?action=add\u0026appname=%3cscript%3ealert(%27xss%27)%3c/script%3e\u0026dstwanif=ppp0\u0026tstart=1111,\u0026tend=1112,\u0026tproto=1,\u0026ostart=11,\u0026oend=11,\u0026oproto=1,"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/todmngr.tod?action=add\u0026username=%3cscript%3ealert%28%27xss%27%29%3c/script%3e\u0026mac=f1:de:f1:ab:cb:6d\u0026days=1\u0026start_time=571\u0026end_time=732"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/snmpconfig.cgi?snmpstatus=1\u0026snmprocommunity=%27;alert(%27xss%27)\u0026snmprwcommunity=private\u0026snmpsysname=d-link\u0026snmpsyscontact=unknown\u0026snmpsyslocation=unknown\u0026snmptrapip=0.0.0.0"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/prmngr.cmd?action=remove\u0026rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/portmapcfg.cmd?action=add\u0026groupname=\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e\u0026choicebox=|usb0|wl0|\u0026wanifname=atm1"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/wlmacflt.cmd?action=view]"
},
{
"trust": 0.1,
"url": "http://\u003cd_link_host\u003e/sntpcfg.cgi?ntp_enabled=1\u0026ntpserver1=locahost%22;alert%28%27xss%27%29;//\u0026ntpserver2=time-nw.nist.gov\u0026ntpserver3=\u0026ntpserver4=\u0026ntpserver5=\u0026timezone_offset=+02:00\u0026timezone=jerusalem\u0026use_dst=0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"db": "BID",
"id": "63648"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "PACKETSTORM",
"id": "123976"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"db": "VULHUB",
"id": "VHN-65225"
},
{
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"db": "BID",
"id": "63648"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"db": "PACKETSTORM",
"id": "123976"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"date": "2013-11-19T00:00:00",
"db": "VULHUB",
"id": "VHN-65225"
},
{
"date": "2013-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"date": "2013-11-10T00:00:00",
"db": "BID",
"id": "63648"
},
{
"date": "2013-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"date": "2013-11-11T23:46:32",
"db": "PACKETSTORM",
"id": "123976"
},
{
"date": "2013-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"date": "2013-11-19T04:50:12.063000",
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14456"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-65225"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5223"
},
{
"date": "2013-11-10T00:00:00",
"db": "BID",
"id": "63648"
},
{
"date": "2013-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005171"
},
{
"date": "2013-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-140"
},
{
"date": "2024-11-21T01:57:14.070000",
"db": "NVD",
"id": "CVE-2013-5223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-2760U Gateway cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005171"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "123976"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-140"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.