Cross site scripting

2022-05-2403:15:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.

CPENameOperatorVersion
atp100_firmwarege4.35
atp100_firmwarele5.20
atp100w_firmwarege4.35
atp100w_firmwarele5.20
atp200_firmwarege4.35
atp200_firmwarele5.20
atp500_firmwarege4.35
atp500_firmwarele5.20
atp700_firmwarege4.35
atp700_firmwarele5.20

Name	Operator	Version
atp100_firmware	ge	4.35
atp100_firmware	le	5.20
atp100w_firmware	ge	4.35
atp100w_firmware	le	5.20
atp200_firmware	ge	4.35
atp200_firmware	le	5.20
atp500_firmware	ge	4.35
atp500_firmware	le	5.20
atp700_firmware	ge	4.35
atp700_firmware	le	5.20