Описание
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Broken LinkVendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Broken LinkVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zyxel:zywall_2_plus_internet_security_appliance_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_2_plus_internet_security_appliance:-:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.28486
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 4 года назад
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
EPSS
Процентиль: 96%
0.28486
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79