CVE-2013-7389 – D-Link DIR-645 1.03B08 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2013-7389

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. Múltiples vulnerabilidades de XSS en D-Link DIR-645 Router (Rev. A1) con firmware anterior a 1.04B11 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro deviceid en parentalcontrols/bind.php, (2) el parámetro RESULT en info.php o (3) el parámetro receiver en bsc_sms_send.php. • https://www.exploit-db.com/exploits/27283 http://osvdb.org/show/osvdb/95910 http://osvdb.org/show/osvdb/95952 http://osvdb.org/show/osvdb/95953 http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008 http://www.securityfocus.com/bid/61579 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •