exploitDog

CVE-2019-13495

Опубликовано: 31 мар. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.

Ссылки

https://gist.github.com/leona4040/6541e3b11da6ea7675d0498d0db98832
Exploit
Third Party Advisory
https://gist.github.com/leona4040/6541e3b11da6ea7675d0498d0db98832
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zyxel:xgs2210-52hp_firmware:4.50:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:xgs2210-52hp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00212

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mwxv-mmvj-g2x4

github

больше 3 лет назад

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.

EPSS

Процентиль: 44%

0.00212

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79