Vendor: D-KVM-IP8
By: Not provided
CVSS: 5.5 (MEDIUM)
CWE-79: Cross-Site Scripting (XSS)
Product Name: D-KVM-IP8
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested: Not provided

D-LINK DKVM-IP8 Cross-Site Scripting Vulnerability

The D-LINK DKVM-IP8 device's web interface does not properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to theft of authentication credentials and other attacks.

Mitigation:

It is recommended to update the device firmware to the latest version, which may include a patch for this vulnerability. Additionally, users should be cautious when clicking on links or opening attachments from untrusted sources.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37646/info

D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following example data is available:

The POST variable nickname has been set to 1>">">