Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
Published 2013-11-19 04:50:12
Updated 2017-08-29 01:33:43
Source MITRE
Vulnerability category: Cross site scripting (XSS)

CVE-2013-5223 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Added on 2022-03-25
Action due date 2022-04-15

Exploit prediction scoring system (EPSS) score for CVE-2013-5223

Probability of exploitation activity in the next 30 days: 0.93%

Percentile (the proportion of vulnerabilities scored at or below this one): ~81%

CVSS scores for CVE-2013-5223

Base Score: 3.5
Base Severity: LOW
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Exploitability Score: 6.8
Impact Score: 2.9
Score Source: NIST
