exploitDog

CVE-2021-21738

Опубликовано: 05 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV-EAS_PV5.06.04.09>

Ссылки

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016764
Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016764
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:zxiptv_firmware:zxiptv-eas_pv5.06.04.09:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxiptv:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00317

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m8mc-h47f-g549

github

больше 3 лет назад

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>

EPSS

Процентиль: 54%

0.00317

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79