A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 up to and including 4.72, VPN series firmware versions 4.30 up to and including 5.31, USG FLEX series firmware versions 4.50 up to and including 5.31, and ATP series firmware versions 4.32 up to and including 5.31, which could allow an malicious user to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zyxel atp800_firmware |
||
zyxel atp700_firmware |
||
zyxel atp500_firmware |
||
zyxel atp200_firmware |
||
zyxel atp100_firmware |
||
zyxel atp100w_firmware |
||
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel usg_flex_50w_firmware |
||
zyxel vpn1000_firmware |
||
zyxel vpn300_firmware |
||
zyxel vpn100_firmware |
||
zyxel vpn50_firmware |
||
zyxel usg40_firmware |
||
zyxel usg40w_firmware |
||
zyxel usg60_firmware |
||
zyxel usg60w_firmware |
Vulmon