PT-2019-16565 · Zte · Zte Netnumen Dap

Published

2019-06-11

Updated

2019-10-09

CVE-2019-3413

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZTE NetNumen DAP product versions prior to V20.18.40.R7.B1

Description The issue arises from the lack of correct validation of client data in WEB applications, resulting in users being hijacked. This is due to a cross-site scripting (XSS) issue.

Recommendations For versions prior to V20.18.40.R7.B1, update to version V20.18.40.R7.B1 or later to resolve the issue. As a temporary workaround, consider implementing additional validation and sanitization of client data in WEB applications to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-3413

Affected Products

Zte Netnumen Dap

PT-2019-16565 · Zte · Zte Netnumen Dap

CVE-2019-3413

Weakness Enumeration

Related Identifiers

Affected Products

References · 3