D-Link DIR-845L router is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. D-Link DIR-845L routers version 1.01KRb03 and below are vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. Vulnerable Component Technical Details The vulnerability is due to the lack of filtering in the parameter $_GET which is directly used in code on line 17 of bsc_sms_inbox.php. The vulnerable code