4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.3%
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.
CPE | Name | Operator | Version |
---|---|---|---|
zte:zxdsl_831 | zte zxdsl 831 | eq | - |
zte:zxdsl_831cii | zte zxdsl 831cii | eq | - |
packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html
packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html
www.securityfocus.com/archive/1/533930/100/0/threaded
www.securityfocus.com/archive/1/533931/100/0/threaded
www.securityfocus.com/bid/70984
www.securityfocus.com/bid/70985
exchange.xforce.ibmcloud.com/vulnerabilities/98584