ZyXEL ZyWALL 10 Management Interface Cross-Site Scripting Vulnerability

2004-01-06T00:00:00
ID EDB-ID:23527
Type exploitdb
Reporter Rafel Ivgi
Modified 2004-01-06T00:00:00

Description

ZyXEL ZyWALL 10 Management Interface Cross-Site Scripting Vulnerability. CVE-2004-1789. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/9373/info

ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</script>