CVE-2013-6786: XSS
First published: Thu Jan 16 2014(Updated: )
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AllegroSoft RomPager | <=4.07 | |
| Dlink Dsl-2640r | ||
| Dlink Dsl-2641r | ||
| Huawei MT882 | ||
| Sitecom WL-174 | ||
| TP-LINK TD-8816 | ||
| Zyxel P-660hw D1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/type
- agent/author
- agent/event
- agent/tags
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- vendor/allegrosoft
- canonical/allegrosoft rompager
- version/allegrosoft rompager/4.07
- vendor/dlink
- canonical/dlink dsl-2640r
- canonical/dlink dsl-2641r
- vendor/huawei
- canonical/huawei mt882
- vendor/sitecom
- canonical/sitecom wl-174
- vendor/tp-link
- canonical/tp-link td-8816
- vendor/zyxel
- canonical/zyxel p-660hw d1