Popcorn

**Name of the Vulnerable Software and Affected Versions** D-LINK DKVM-IP8 version 2282 dlinkA4 p8 20071213 **Description** A cross-site scripting issue exists due to insufficient input validation in the auth.asp file. This allows remote attackers to inject arbitrary web script or HTML via the `nickname` parameter in the '/auth.asp' endpoint. **Recommendations** For D-LINK DKVM-IP8 version 2282 dlinkA4 p8 20071213, avoid using the `nickname` parameter in the auth.asp file until a fix is available. As a temporary workaround, consider restricting access to the auth.asp file to minimize the risk of exploitation.