CVE-2020-15339

Name of the Vulnerable Software and Affected Versions Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description The issue concerns a XSS vulnerability. It affects the handle campaign script link endpoint, specifically the script name parameter. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For versions 3.1.0 and 3.1.1, consider restricting access to the live/CPEManager/AXCampaignManager/handle campaign script link endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the script name parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.