Lucene search
K

5 matches found

securityvulns
securityvulns
added 2014/10/05 12:0 a.m.63 views

CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko...

4.3CVSS1.1AI score0.01201EPSS
Exploits3
0day.today
0day.today
added 2014/10/05 12:0 a.m.47 views

ZyXEL SBG-3300 Security Gateway Cross Site Scripting Vulnerability

ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability. Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time o...

4.3CVSS6.2AI score0.01201EPSS
Exploits3
Prion
Prion
added 2014/10/04 10:55 a.m.15 views

Design/Logic Flaw

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00AADY.4C0 and earlier allows remote attackers to cause a denial of service persistent web-interface outage via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginM...

5CVSS7.1AI score0.02476EPSS
Exploits6References4Affected Software1
CVE
CVE
added 2014/10/04 10:0 a.m.49 views

CVE-2014-7277

The ZyXEL SBG-3300 Security Gateway (firmware up to 1.00(AADY.4)C0) is affected by CVE-2014-7277, a Stored Server XSS in the login page. The vulnerability arises from improper handling of the loginMessage element during rendering of the login page, allowing remote attackers to inject arbitrary we...

4.3CVSS5.7AI score0.01201EPSS
Exploits3References5Affected Software2
Cvelist
Cvelist
added 2014/10/04 10:0 a.m.30 views

CVE-2014-7277

Cross-site scripting XSS vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00AADY.4C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the...

5.6AI score0.01201EPSS
Exploits3References5
Rows per page
Query Builder