Vulnerability Details : CVE-2013-5223
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
Vulnerability category: Cross site scripting (XSS)
CVE-2013-5223 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Added on: 2022-03-25
Action due date: 2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2013-5223
Probability of exploitation activity in the next 30 days: 0.93%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2013-5223
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST |
CWE ids for CVE-2013-5223
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5223
- http://packetstormsecurity.com/files/123976
  D-Link Router 2760N Cross Site Scripting ≈ Packet Storm (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88724
  D-Link multiple cross-site scripting CVE-2013-5223 Vulnerability Report
- http://seclists.org/fulldisclosure/2013/Nov/76
  Full Disclosure: D-Link Router 2760N (DSL-2760U-BN) Multiple XSS (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88723
  D-Link multiple cross-site scripting CVE-2013-5223 Vulnerability Report
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
  D-Link Technical Support (Vendor Advisory)
Products affected by CVE-2013-5223
- cpe:2.3:h:dlink:dsl-2760u:-:*:*:*:*:*:*:*