Venom Nguyen

**Name of the Vulnerable Software and Affected Versions** ZTE ZXUniPOS NDS-LTE (affected versions not specified) **Description** A stored Cross-Site Scripting (XSS) issue allows attackers to inject malicious scripts, such as JavaScript, into target systems. When users access pages containing this content, the scripts execute automatically in their browsers. This can lead to the theft of user cookies, hijacking of session privileges, and tampering with page content. Because the code is stored within the system, the attack has a broad scope and high concealment, often used for data theft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An insecure password scheme occurs due to the improper selection of encryption algorithms, inadequate key management, or flawed code implementation. This can result in data leakage or tampering, specifically through the use of weak encryption algorithms or hard-coded keys. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXUniPOS NDS-LTE (affected versions not specified) **Description** Cross-site request forgery (CSRF) allows attackers to exploit an authenticated user session to forge requests, which can lead to the execution of unintended operations, such as tampering with configuration data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXUniPOS NDS-LTE (affected versions not specified) **Description** A business logic flaw allows attackers to exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.