Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

zyxel-xss.txt

🗓️ 09 May 2008 00:00:00Reported by Deniz CevikType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

The Zyxel ZYWall 100 is vulnerable to Cross Site Scripting due to improper referer header handlin

Code
`Affected Software/Device: Zyxel ZYWall 100  
  
Vulnerability: Cross Site Scripting  
  
Risk: Low  
  
Description: The ZyWALL 100 is designed to act as a secure gateway via  
xDSL/Cable modems or broadband routers for small to medium size  
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN  
capability, MultiNAT, web pages content filtering and an embedded web  
configurator for easy configuration and management.  
  
ZyWALL web based management interface utilizes referer header for  
serving 404 Error pages. The vulnerability can be exploited by  
requesting a non-existing web page with a specially crafted referer  
header. As the application does not properly sanitize the data contained  
in the referer header, desired script code can be run on client browser.  
  
Sample Request:  
  
GET /blah.htm HTTP/1.1  
Host: www.site.com  
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm  
  
  
Deniz CEVIK  
www.intellectpro.com.tr  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 May 2008 00:00Current
7.4High risk
Vulners AI Score7.4
zyxel zywall 100cross site scriptinglow riskicsa certified firewallipsec vpnmultinatweb pages content filteringembedded web configurator
27