exploitDog

CVE-2014-7277

Опубликовано: 04 окт. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zyxel:sbg3300-n_firmware:*:*:*:*:*:*:*:*

Версия до 1.00\(aady.4\)c0 (включая)

cpe:2.3:h:zyxel:sbg3300-n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5rww-cwpc-fv6x

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.

EPSS

Процентиль: 56%

0.0034

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79