Vulnerability CVE-2021-46387
Published: 2022-03-01

Description:
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Zyxel ZyWALL 2 Plus Cross Site Scripting
Momen Eldawakhly
04.03.2022

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://www.zyxel.com/us/en/support/security_advisories.shtml
https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing
https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml
http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html
Copyright 2024, cxsecurity.com

 

Back to Top