CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10699

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/101622
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-018/?fid=8411
http://www.securityfocus.com/bid/101622
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-018/?fid=8411

Products affected by CVE-2016-10699

Dlink » Dsl-2740e » Version: N/A

cpe:2.3:h:dlink:dsl-2740e:-
Dlink » Dsl-2740e Firmware » Version: 1.00_bg_20150720

cpe:2.3:o:dlink:dsl-2740e_firmware:1.00_bg_20150720

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10699

Products

Pricing

Contact Us