Details of VAR-200605-0422

ID

VAR-200605-0422

CVE

CVE-2006-2653

TITLE

D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site Scripting Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2006-3666 // BID: 18168 // CNNVD: CNNVD-200605-520

DESCRIPTION

Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. D-Link DSA-3100 has a cross-site scripting vulnerability in login_error.shtml. This issue is due to a failure to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. TITLE: Elite-Board "search" Parameter Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA20289 VERIFY ADVISORY: http://secunia.com/advisories/20289/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: Elite-Board 1.x http://secunia.com/product/10164/ DESCRIPTION: luny has reported a vulnerability in Elite-Board, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "search" parameter in search.html during searches is not properly sanitised before being returned to users. The vulnerability has been reported in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: luny ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Do not visit other web sites while accessing the gateway

Trust: 1.98

sources: NVD: CVE-2006-2653 // CNVD: CNVD-2006-3666 // BID: 18168 // VULHUB: VHN-18761 // PACKETSTORM: 46683 // PACKETSTORM: 46816

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-3666

AFFECTED PRODUCTS

vendor:	d link	model:	dsa-3100 airspot gateway	scope:	eq	version:	*	Trust: 1.0
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dsa-3100 airspot gateway	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	airspot dsa-3100 gateway	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2006-3666 // BID: 18168 // CNNVD: CNNVD-200605-520 // NVD: CVE-2006-2653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2653
value:	LOW
Trust: 1.0
CNVD:	CNVD-2006-3666
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-200605-520
value:	LOW
Trust: 0.6
VULHUB:	VHN-18761
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2006-2653
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-3666
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-18761
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2006-3666 // VULHUB: VHN-18761 // CNNVD: CNNVD-200605-520 // NVD: CVE-2006-2653

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-520

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 46683 // PACKETSTORM: 46816 // CNNVD: CNNVD-200605-520

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-18761

EXTERNAL IDS

db:	BID	id:	18168	Trust: 2.6
db:	NVD	id:	CVE-2006-2653	Trust: 2.3
db:	SECUNIA	id:	20343	Trust: 1.8
db:	VUPEN	id:	ADV-2006-2028	Trust: 1.7
db:	SECTRACK	id:	1016173	Trust: 1.7
db:	SREASON	id:	980	Trust: 1.7
db:	SECUNIA	id:	20289	Trust: 0.7
db:	CNNVD	id:	CNNVD-200605-520	Trust: 0.7
db:	CNVD	id:	CNVD-2006-3666	Trust: 0.6
db:	XF	id:	26759	Trust: 0.6
db:	BUGTRAQ	id:	20060527 D-LINK DSA-3100 CROSS-SITE SCRIPTING	Trust: 0.6
db:	SEEBUG	id:	SSVID-81513	Trust: 0.1
db:	EXPLOIT-DB	id:	27923	Trust: 0.1
db:	VULHUB	id:	VHN-18761	Trust: 0.1
db:	PACKETSTORM	id:	46683	Trust: 0.1
db:	PACKETSTORM	id:	46816	Trust: 0.1

sources: CNVD: CNVD-2006-3666 // VULHUB: VHN-18761 // BID: 18168 // PACKETSTORM: 46683 // PACKETSTORM: 46816 // CNNVD: CNNVD-200605-520 // NVD: CVE-2006-2653

REFERENCES

url:	http://www.eazel.es/media/advisory003-d-link-dsa-3100-cross-site-scripting.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/18168	Trust: 1.7
url:	http://securitytracker.com/id?1016173	Trust: 1.7
url:	http://secunia.com/advisories/20343	Trust: 1.7
url:	http://securityreason.com/securityalert/980	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/435212/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/2028	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26759	Trust: 1.1
url:	http://secunia.com/advisories/20289	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/435212/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26759	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2028	Trust: 0.6
url:	http://www.d-link.com/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/20289/	Trust: 0.1
url:	http://secunia.com/product/10164/	Trust: 0.1
url:	http://secunia.com/advisories/20343/	Trust: 0.1
url:	http://secunia.com/product/10210/	Trust: 0.1

sources: CNVD: CNVD-2006-3666 // VULHUB: VHN-18761 // BID: 18168 // PACKETSTORM: 46683 // PACKETSTORM: 46816 // CNNVD: CNNVD-200605-520 // NVD: CVE-2006-2653

CREDITS

jaime blasco is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 18168 // CNNVD: CNNVD-200605-520

SOURCES

db:	CNVD	id:	CNVD-2006-3666
db:	VULHUB	id:	VHN-18761
db:	BID	id:	18168
db:	PACKETSTORM	id:	46683
db:	PACKETSTORM	id:	46816
db:	CNNVD	id:	CNNVD-200605-520
db:	NVD	id:	CVE-2006-2653

LAST UPDATE DATE

2025-04-03T22:24:56.212000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-3666	date:	2006-05-30T00:00:00
db:	VULHUB	id:	VHN-18761	date:	2018-10-18T00:00:00
db:	BID	id:	18168	date:	2006-05-31T16:17:00
db:	CNNVD	id:	CNNVD-200605-520	date:	2006-05-30T00:00:00
db:	NVD	id:	CVE-2006-2653	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-3666	date:	2006-05-30T00:00:00
db:	VULHUB	id:	VHN-18761	date:	2006-05-30T00:00:00
db:	BID	id:	18168	date:	2006-05-30T00:00:00
db:	PACKETSTORM	id:	46683	date:	2006-05-26T21:57:34
db:	PACKETSTORM	id:	46816	date:	2006-05-29T22:46:46
db:	CNNVD	id:	CNNVD-200605-520	date:	2006-05-30T00:00:00
db:	NVD	id:	CVE-2006-2653	date:	2006-05-30T10:02:00