CVE Vulnerability
CVE-2019-13374
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
References
| Link | Resource |
|---|---|
| https://unh3x.github.io/2019/02/21/D-link-(CWM-100)-Multiple-Vulnerabilities/ | Third Party Advisory |
| https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-(CWM-100)-Multiple-Vulnerabilities.md | Third Party Advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117 | Patch Vendor Advisory |
Configurations
Configuration 1
|
|
Information
Published : 2019-07-06 11:15
Updated : 2019-07-09 08:16
NVD link : CVE-2019-13374
Mitre link : CVE-2019-13374
Products Affected
CWE