What is CVE-2013-5223?

CVE-2013-5223 is a medium severity vulnerability classified under CWE-79 (Cross-Site Scripting (XSS)). Cross-Site Scripting (XSS) in Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev

How do I fix CVE-2013-5223?

Apply the vendor patch immediately. Additionally, implement defenses against Cross-Site Scripting (XSS) by following secure coding practices. Use Precogs AI to scan your codebase for similar vulnerabilities.

CVE-2013-5223

Cross-Site Scripting (XSS) in Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev

Verified by Precogs Threat Research

Last Updated: Apr 22, 2026

Base Score

5.4MEDIUM

Executive Summary

CVE-2013-5223 is a medium severity vulnerability affecting appsec. It is classified as Cross-Site Scripting (XSS). This vulnerability is actively being exploited in the wild.

Precogs AI Insight

"The root cause of this vulnerability lies in within Multiple cross-site, allowing a lack of rigorous type checking mechanisms. Adversaries commonly weaponize this defect by escalate their own privileges to administrative levels without proper credentials. Precogs identifies insecure data flow paths before deployment to safeguard the application against payload injection."

Exploit Probability (EPSS)

Elevated (30.1%)

Public POC

Available

Exploit Probability

Low (<10%)

Public POC

Actively Exploited

Affected Assets

appsecCWE-79

What is this vulnerability?

CVE-2013-5223 is categorized as a medium Cross-Site Scripting (XSS) flaw with a CVSS base score of 5.4. Based on our vulnerability intelligence, this issue occurs when the application fails to securely handle untrusted data boundaries.

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

This architectural defect enables adversaries to bypass intended security controls, directly manipulating the application's execution state or data layer. Immediate strategic intervention is required.

Risk Assessment

Metric	Value
CVSS Base Score	5.4 (MEDIUM)
Vector String	`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`
Published	November 19, 2013
Last Modified	April 22, 2026
Related CWEs	CWE-79, CWE-79

Impact on Systems

✅ Data Exfiltration: Attackers can extract sensitive data from backend databases, configuration files, or internal services.

✅ Authentication Bypass: Exploiting this flaw may allow unauthorized access to protected resources and administrative interfaces.

✅ Lateral Movement: Once initial access is gained, attackers can pivot to internal systems and escalate privileges.

How to Fix and Mitigate CVE-2013-5223

Apply Vendor Patches Immediately: This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog. Apply updates per vendor instructions.
Verify Patch Deployment: Confirm all instances are updated using Precogs continuous monitoring.
Review Audit Logs: Investigate historical access logs for indicators of compromise related to this attack surface.
Implement Defense-in-Depth: Deploy WAF rules, network segmentation, and endpoint detection to limit blast radius.

Defending with Precogs AI

Precogs AI Analysis Engine identifies this vulnerability class through semantic code analysis powered by Code Property Graph (CPG) technology, performing inter-procedural taint tracking to detect injection flaws, broken authentication, and insecure data flows across your entire codebase.

Use Precogs to continuously scan your codebase, binaries, APIs, and infrastructure for this vulnerability class and related attack patterns. Our AI-powered detection engine combines static analysis with threat intelligence to identify exploitable weaknesses before attackers do.

Start scanning with Precogs →

Vulnerability Code Signature

Attack Data Flow

Stage	Detail
Source	User-controlled input (e.g., URL parameter or form field)
Vector	Input is reflected in the DOM without sanitization
Sink	Browser executes the payload as valid JavaScript
Impact	Session hijacking, credential theft, unauthorized actions on behalf of the user

Vulnerable Code Pattern

// ❌ VULNERABLE: Direct DOM injection
const userComment = urlParams.get('comment');
// Taint sink: innerHTML executes injected scripts
document.getElementById('comments').innerHTML = userComment;

Secure Code Pattern

// ✅ SECURE: Safe DOM manipulation
const userComment = urlParams.get('comment');
// Sanitized binding: textContent escapes HTML entities
document.getElementById('comments').textContent = userComment;

How Precogs Detects This

Precogs AI Analysis Engine maps untrusted input sources directly to sensitive DOM manipulation functions, detecting Cross-Site Scripting (XSS) paths before deployment.\n

Related Vulnerabilitiesvia CWE-79

View all CWE-79 vulnerabilities →

Is your system affected?

Precogs AI detects CVE-2013-5223 in compiled binaries, LLMs, and application layers — even without source code access.

Request Deep Analysis Book a demo