CVE-2026-1744 | D-Link DSL-6641K N8.TR069.20131126 sp_pppoe_user.js doSubmitPPP Username cross site scripting

Inserito da Angelo Barbosa | Feb 1, 2026 | CVE

A vulnerability, which was classified as problematic, was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is cataloged as CVE-2026-1744. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-1744 | D-Link DSL-6641K N8.TR069.20131126 sp_pppoe_user.js doSubmitPPP Username cross site scripting

Post correlati

CVE-2024-0405 | Burst Statistics Really Simple Plugin up to 1.5.3 on WordPress sql injection

CVE-2024-31206 | dectalk-tts prior 1.0.1 HTTP Request cleartext transmission

CVE-2024-24246 | qpdf 11.9.0 /bits/shared_ptr_base.h std::__shared_count heap-based overflow

CVE-2025-5218 | FreeFloat FTP Server 1.0.0 LITERAL Command buffer overflow