Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-9955
HistoryApr 22, 2019 - 8:29 p.m.

CVE-2019-9955

2019-04-2220:29:00
CWE-79
[email protected]
web.nvd.nist.gov
5

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.029

Percentile

90.9%

JSON

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized ‘mp_idx’ parameter.

Affected configurations

Nvd
Node
zyxelatp200_firmwareMatch4.31
AND
zyxelatp200Match-
Node
zyxelatp500_firmwareMatch4.31
AND
zyxelatp500Match-
Node
zyxelatp800_firmwareMatch4.31
AND
zyxelatp800Match-
Node
zyxelusg20-vpn_firmwareMatch4.31
AND
zyxelusg20-vpnMatch-
Node
zyxelusg20w-vpn_firmwareMatch4.31
AND
zyxelusg20w-vpnMatch-
Node
zyxelusg40_firmwareMatch4.31
AND
zyxelusg40Match-
Node
zyxelusg40w_firmwareMatch4.31
AND
zyxelusg40wMatch-
Node
zyxelusg60_firmwareMatch4.31
AND
zyxelusg60Match-
Node
zyxelusg60w_firmwareMatch4.31
AND
zyxelusg60wMatch-
Node
zyxelusg110_firmwareMatch4.31
AND
zyxelusg110Match-
Node
zyxelusg210_firmwareMatch4.31
AND
zyxelusg210Match-
Node
zyxelusg310_firmwareMatch4.31
AND
zyxelusg310Match-
Node
zyxelusg1100_firmwareMatch4.31
AND
zyxelusg1100Match-
Node
zyxelusg1900_firmwareMatch4.31
AND
zyxelusg1900Match-
Node
zyxelusg2200-vpn_firmwareMatch4.31
AND
zyxelusg2200-vpnMatch-
Node
zyxelzywall_110_firmwareMatch4.31
AND
zyxelzywall_110Match-
Node
zyxelzywall_310_firmwareMatch4.31
AND
zyxelzywall_310Match-
Node
zyxelzywall_1100_firmwareMatch4.31
AND
zyxelzywall_1100Match-
Node
zyxelvpn50_firmwareMatch-
AND
zyxelvpn50Match-
Node
zyxelvpn100_firmwareMatch-
AND
zyxelvpn100Match-
Node
zyxelvpn300_firmwareMatch-
AND
zyxelvpn300Match-
VendorProductVersionCPE
zyxelatp200_firmware4.31cpe:2.3:o:zyxel:atp200_firmware:4.31:*:*:*:*:*:*:*
zyxelatp200-cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
zyxelatp500_firmware4.31cpe:2.3:o:zyxel:atp500_firmware:4.31:*:*:*:*:*:*:*
zyxelatp500-cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
zyxelatp800_firmware4.31cpe:2.3:o:zyxel:atp800_firmware:4.31:*:*:*:*:*:*:*
zyxelatp800-cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
zyxelusg20-vpn_firmware4.31cpe:2.3:o:zyxel:usg20-vpn_firmware:4.31:*:*:*:*:*:*:*
zyxelusg20-vpn-cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*
zyxelusg20w-vpn_firmware4.31cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.31:*:*:*:*:*:*:*
zyxelusg20w-vpn-cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 421

Related

cvelist 1
exploitdb 1
nuclei 1
packetstorm 1
prion 1
zdt 1
cve 1
cvelist
cvelist
CVE-2019-9955
2019-04-22 19:38:59
exploitdb
exploitdb
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
2019-04-16 00:00:00
nuclei
nuclei
Zyxel - Cross-Site Scripting
2021-01-09 14:45:11
packetstorm
packetstorm
Zyxel ZyWall Cross Site Scripting
2019-04-16 00:00:00
prion
prion
Cross site scripting
2019-04-22 20:29:00
zdt
zdt
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
2019-04-16 00:00:00
cve
cve
CVE-2019-9955
2019-04-22 20:29:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.029

Percentile

90.9%

JSON
Related for NVD:CVE-2019-9955
cvelist1exploitdb1nuclei1packetstorm1prion1zdt1cve1