ID
VAR-E-201412-0425
TITLE
D-Link DAP-1360 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DAP-1360 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dap-1360 | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
To exploit these issues an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 71428 | Trust: 0.3 |
REFERENCES
| url: | http://websecurity.com.ua/7234/ | Trust: 0.3 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://seclists.org/fulldisclosure/2014/dec/11 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 71428 |
LAST UPDATE DATE
2022-07-27T09:37:51.854000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 71428 | date: | 2014-12-01T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 71428 | date: | 2014-12-01T00:00:00 |