Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9142
Reference (s):
- BUGTRAQ:20141203 Wireless N ADSL 2/2+ Modem Router – DT5130 – Xss / URL Redirect / Command Injection
- URL: http://www.securityfocus.com/archive/1/534143/100/0/threaded
- EXPLOIT-DB:35462
- URL: http://www.exploit-db.com/exploits/35462
- http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html