Vulnerability Details CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-15874
-
cpe:2.3:h:dlink:dir-615:t1
-
cpe:2.3:o:dlink:dir-615_firmware:20.07