PT-2019-16565 · Zte · Zte Netnumen Dap

Publicado

2019-06-11

Atualizado

2019-10-09

CVE-2019-3413

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZTE NetNumen DAP product versions prior to V20.18.40.R7.B1

Description The issue arises from the lack of correct validation of client data in WEB applications, resulting in users being hijacked. This is due to a cross-site scripting (XSS) issue.

Recommendations For versions prior to V20.18.40.R7.B1, update to version V20.18.40.R7.B1 or later to resolve the issue. As a temporary workaround, consider implementing additional validation and sanitization of client data in WEB applications to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-3413

Produtos afetados

Zte Netnumen Dap

PT-2019-16565 · Zte · Zte Netnumen Dap

CVE-2019-3413

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3