CVE-2007-4318

Name of the Vulnerable Software and Affected Versions ZyNOS firmware version 3.62(WK.6)

Description A cross-site scripting (XSS) issue exists in the management interface of the Zywall 2 device, specifically in Forms/General 1. This allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

Recommendations For ZyNOS firmware version 3.62(WK.6), as a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation. Avoid using the sysSystemName parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.