header-logo
Suggest Exploit
vendor:
ZyWALL 10
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: ZyWALL 10
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: h:zyxel:zywall_10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

ZyWALL 10 Firewall Cross-Site Scripting Vulnerability

ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

Mitigation:

Ensure that user input is properly sanitized and filtered before being used in web pages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9373/info

ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</script>

Navigation

Suggest Exploit

Services By CQR