CVE-2010-0936

EPSS 1.5%

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencewww.exploit-db.com/exploits/11030unverified exploitdbwww.exploit-db.com/exploits/33471unverified exploitdbwww.exploit-db.com/exploits/11030unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/61615 http://secunia.com/advisories/38051 https://exchange.xforce.ibmcloud.com/vulnerabilities/55429 http://www.exploit-db.com/exploits/11030 http://www.securityfocus.com/bid/37646 http://www.vupen.com/english/advisories/2010/0083