CVE-2024-9792

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 10, 2024 / Updated: 40d ago

CVSS 5.1 / EPSS 0.05% / Medium

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. It affects an unknown part of the Port Forwarding Page component. Manipulation of the argument PortMappingDescription leads to cross-site scripting. The attack can be initiated remotely.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9792.

Oct 10, 2024 at 3:02 PM / CVE

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 10, 2024 at 3:03 PM

CVE Assignment

NVD published the first details for CVE-2024-9792

Oct 10, 2024 at 3:15 PM

CVSS

A CVSS base score of 2.4 has been assigned.

Oct 10, 2024 at 3:20 PM / nvd

EPSS

EPSS Score was set to: 0.05% (Percentile: 16.4%)

Oct 11, 2024 at 10:19 AM

Affected Systems

D-link/dsl-2750u

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
