webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dir-803_firmware 1.04.b02 |
||
dlink dir-816l_firmware 2.06 |
||
dlink dir-816l_firmware 2.06.b09 |
||
dlink dir-645_firmware 1.06b01 |
||
dlink dir-815_firmware 2.07.b01 |
||
dlink dir-860l_firmware 1.10b04 |
||
dlink dir-865l_firmware 1.08b01 |