Stored XSS Vulnerability in D-Link DSL-2680 Web Administration Interface (Firmware EU_1.03)

CVE-2019-19222 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.

Learn more about our Web App Pen Testing.