CVE-2013-6786 Information

Description

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
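As an added illustration, not code from the advisory or from RomPager itself: the reflected-Referer pattern the description refers to, beside a hardened 404 handler that HTML-escapes the header value before embedding it in the page. Function names and the sample header value are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* HTML-escape src into dst (capacity dst_len). Returns bytes written, or -1
 * if the escaped text does not fit. Metacharacters become entities so the
 * browser renders them as text instead of parsing them as markup. */
int html_escape(const char *src, char *dst, size_t dst_len) {
    size_t out = 0;
    for (const char *p = src; *p; p++) {
        char one[2] = { *p, 0 };
        const char *rep;
        switch (*p) {
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '&':  rep = "&amp;";  break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (out + n + 1 > dst_len) return -1;  /* keep room for the NUL */
        memcpy(dst + out, rep, n);
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Vulnerable pattern: the client-supplied Referer is copied verbatim into
 * the 404 body, so any markup in the header becomes part of the page. */
int build_404_unsafe(const char *referer, char *body, size_t body_len) {
    return snprintf(body, body_len, "<html><body>Not found: %s</body></html>", referer);
}

/* Hardened form: escape the header before it reaches the HTML output. */
int build_404_safe(const char *referer, char *body, size_t body_len) {
    char esc[512];
    if (html_escape(referer, esc, sizeof esc) < 0)
        esc[0] = '\0';  /* too long to escape safely: omit rather than truncate */
    return snprintf(body, body_len, "<html><body>Not found: %s</body></html>", esc);
}

int main(void) {
    /* Constructed sample Referer value, not taken from the advisory. */
    const char *hdr = "http://example.test/<script>alert(1)</script>";
    char body[1024];
    build_404_unsafe(hdr, body, sizeof body);
    printf("unsafe: %s\n", body);
    build_404_safe(hdr, body, sizeof body);
    printf("safe:   %s\n", body);
    return 0;
}
```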

References

http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
http://osvdb.org/99694
http://osvdb.org/ref/99/rompager407.pdf