PT-2021-14749 · Zte · Zte Zxiptv+1
Published: 2021-08-05 · Updated: 2021-08-12
CVE-2021-21738
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZTE ZXIPTV version 5.06.04.09
ZTE ZXIPTV-EAS version 5.06.04.09
Description
The issue consists of two reflected cross-site scripting (XSS) vulnerabilities in ZTE's big video business platform. They are caused by insufficient input verification, which allows an attacker to carry out XSS attacks by tampering with parameters. This could affect the operations of valid users.
Recommendations
For ZTE ZXIPTV version 5.06.04.09, update to a version that includes input verification to prevent XSS attacks.
For ZTE ZXIPTV-EAS version 5.06.04.09, update to a version that includes input verification to prevent XSS attacks.
As a temporary workaround, consider restricting access to parameters that can be tampered with to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Zte Zxiptv
Zte Zxiptv-Eas