Vulnerability Details CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-25786
-
cpe:2.3:h:dlink:dir-645:a1
-
cpe:2.3:h:dlink:dir-803:a1
-
cpe:2.3:h:dlink:dir-815:b1
-
cpe:2.3:h:dlink:dir-816l:b1
-
cpe:2.3:h:dlink:dir-860l:a1
-
cpe:2.3:h:dlink:dir-865l:a1
-
cpe:2.3:o:dlink:dir-645_firmware:1.06b01
-
cpe:2.3:o:dlink:dir-803_firmware:1.04.b02
-
cpe:2.3:o:dlink:dir-815_firmware:2.07.b01
-
cpe:2.3:o:dlink:dir-816l_firmware:2.06
-
cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09
-
cpe:2.3:o:dlink:dir-860l_firmware:1.10b04
-
cpe:2.3:o:dlink:dir-865l_firmware:1.08b01