CVE-2013-6786

Published: 16/01/2014 Updated: 26/04/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 460
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Allegro RomPager prior to 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote malicious users to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

Vulnerable Products

- zyxel p-660hw d1
- sitecom wl-174
- allegrosoft rompager
- tp-link td-8816
- huawei mt882
- dlink dsl-2640r
- dlink dsl-2641r

Nmap Scripts

http-vuln-cve2013-6786

Detects a URL redirection and reflected XSS vulnerability in Allegro RomPager Web server. The vulnerability has been assigned CVE-2013-6786.

nmap -p80 --script http-vuln-cve2013-6786 <target>
nmap -sV --script http-vuln-cve2013-6786 <target>

PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2013-6786:
|   VULNERABLE:
|   URL redirection and reflected XSS vulnerability in Allegro RomPager Web server
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2013-6786
|
|     Devices based on Allegro RomPager web server are vulnerable to URL redirection
|     and reflected XSS. If Referer header in a request to a non existing page, data
|     can be injected into the resulting 404 page. This includes linking to an
|     untrusted website and XSS injection.
|     Disclosure date: 2013-07-1
|     References:
|_      https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
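The defect described above (a 404 page that echoes the client-supplied Referer header verbatim) and the check the Nmap script performs, as an added example that is not part of this page or of RomPager; the two 404 renderers are constructed stand-ins for the device's HTTP handler, and the probe marker is a constructed value:

```python
import html

# Constructed probe value: contains HTML metacharacters so that an escaped
# reflection and an unescaped reflection are distinguishable in the body.
PROBE_MARKER = '"><b>cve-2013-6786-probe</b>'


def render_404_vulnerable(path: str, referer: str) -> str:
    """Stand-in for the vulnerable behaviour: the Referer header is copied
    into the 404 page unescaped and used as a link target, which is what
    allows both script injection and a link to an untrusted site."""
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The page {path} does not exist.</p>"
        f'<p>Go back to <a href="{referer}">{referer}</a></p>'
        "</body></html>"
    )


def render_404_hardened(path: str, referer: str) -> str:
    """Hardened form: every client-controlled value is HTML-escaped before it
    reaches the page, and the Referer is shown as text only, never as a
    link target, so the page cannot be made to point at an outside site."""
    safe_path = html.escape(path, quote=True)
    safe_ref = html.escape(referer, quote=True)
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The page {safe_path} does not exist.</p>"
        f"<p>Referring page: {safe_ref}</p>"
        "</body></html>"
    )


def reflects_referer_unescaped(render_404, path: str = "/does-not-exist") -> bool:
    """Detection logic in the spirit of the Nmap script: request a nonexistent
    page with a marker Referer and report whether the marker appears verbatim
    (unescaped) in the 404 body. `render_404` stands in for the HTTP round trip."""
    body = render_404(path, PROBE_MARKER)
    return PROBE_MARKER in body


if __name__ == "__main__":
    print("vulnerable handler reflects unescaped:", reflects_referer_unescaped(render_404_vulnerable))
    print("hardened handler reflects unescaped:  ", reflects_referer_unescaped(render_404_hardened))
```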
