Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1028


Vulnerability Score 3.5 3.5
CVE Id CVE-2015-1028
Last Modified 26 Jan 2015 07:55:57
Published 21 Jan 2015 10:28:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).

Vulnerable Systems

Operating System

  • D-link Dsl-2730b Firmware Ge 1.01



EXPLOIT-DB - 35751

EXPLOIT-DB - 35750

EXPLOIT-DB - 35747

Last Updated: 27 May 2016 11:07:38