CVE-2018-17443

EUVD-2018-9196
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
dlinkcentral_wifimanager
1.00 ≤
𝑥
≤ 1.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Oct/11
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
https://www.exploit-db.com/exploits/45533/
https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
http://seclists.org/fulldisclosure/2018/Oct/11
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
https://www.exploit-db.com/exploits/45533/
https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities