CVE-2023-27990

🗓️ 24 Apr 2023 00:00:00Reported by ZyxelType

XSS vuln. in Zyxel ATP & USG FLEX series firmware (4.32-5.35) allows admin attacker to store malicious scripts & execute them in GUI Logs page

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2023-27990	24 Apr 202318:15	–	attackerkb
Circl	CVE-2023-27990	24 Apr 202322:19	–	circl
CNNVD	Zyxel ATP 跨站脚本漏洞	24 Apr 202300:00	–	cnnvd
Cvelist	CVE-2023-27990	24 Apr 202300:00	–	cvelist
EUVD	EUVD-2023-31715	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Zyxel Firewalls and Access Points	25 Apr 202300:00	–	ncsc
NVD	CVE-2023-27990	24 Apr 202318:15	–	nvd
Prion	Cross site scripting	24 Apr 202318:15	–	prion
Positive Technologies	PT-2023-7790 · Zyxel · Zyxel Usg Flex Series +4	24 Apr 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-27990	23 May 202502:26	–	redhatcve

NVD

Node

zyxel atp200_firmwareRange4.32–5.36

AND

zyxel atp200Match-

Node

zyxel atp100_firmwareRange4.32–5.36

AND

zyxel atp100Match-

Node

zyxel atp700_firmwareRange4.32–5.36

AND

zyxel atp700Match-

Node

zyxel atp500_firmwareRange4.32–5.36

AND

zyxel atp500Match-

Node

zyxel atp100w_firmwareRange4.32–5.36

AND

zyxel atp100wMatch-

Node

zyxel atp800_firmwareRange4.32–5.36

AND

zyxel atp800Match-

Node

zyxel usg_flex_100_firmwareRange4.50–5.36

AND

zyxel usg_flex_100Match-

Node

zyxel usg_flex_50_firmwareRange4.50–5.36

AND

zyxel usg_flex_50Match-

Node

zyxel usg_flex_200_firmwareRange4.50–5.36

AND

zyxel usg_flex_200Match-

Node

zyxel usg_flex_500_firmwareRange4.50–5.36

AND

zyxel usg_flex_500Match-

Node

zyxel usg_flex_700_firmwareRange4.50–5.36

AND

zyxel usg_flex_700Match-

Node

zyxel usg_flex_100w_firmwareRange4.50–5.36

AND

zyxel usg_flex_100wMatch-

Node

zyxel usg_20w-vpn_firmwareRange4.16–5.36

AND

zyxel usg_20w-vpnMatch-

Node

zyxel usg_flex_50w_firmwareRange4.16–5.36

AND

zyxel usg_flex_50wMatch-

Node

zyxel usg20-vpn_firmwareRange4.30–5.36

AND

zyxel usg20-vpnMatch-

Node

zyxel vpn100_firmwareRange4.30–5.36

AND

zyxel vpn100Match-

Node

zyxel vpn1000_firmwareRange4.30–5.36

AND

zyxel vpn1000Match-

Node

zyxel vpn300_firmwareRange4.30–5.36

AND

zyxel vpn300Match-

Node

zyxel vpn50_firmwareRange4.30–5.36

AND

zyxel vpn50Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.35"
      }
    ]
  }
]

Source	Link
zyxel	www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls

25 Feb 2026 17:19Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.8

EPSS0.00366

CWE-79