PT-2020-9403 · Zyxel · Zyxel Xgs2210-52Hp

Leona4040 · Published 2020-03-31 · Updated 2020-04-01 · CVE-2019-13495

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Zyxel XGS2210-52HP version 4.50
Description: The issue allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field, due to multiple stored cross-site scripting (XSS) issues.
Recommendations: For Zyxel XGS2210-52HP version 4.50, consider disabling access to the rpSys.html page until a patch is available, and restrict the use of the Name and Location fields to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-13495

Affected Products

Zyxel Xgs2210-52Hp