CVE-2013-7389

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*

History

26 Apr 2023, 19:27

Type Values Removed Values Added
CPE cpe:2.3:h:d-link:dir-645:a1:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dir-645_firmware:*:b08:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*

Information

Published : 2014-07-07 14:55

Updated : 2024-02-04 18:35


NVD link : CVE-2013-7389

Mitre link : CVE-2013-7389

CVE.ORG link : CVE-2013-7389


JSON object : View

Products Affected

dlink

  • dir-645
  • dir-645_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')