2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Quick Stats page psilan.cgi in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected...
CVE-2014-9021
CVE-2014-9021 covers multiple XSS flaws in the ZTE ZXDSL 831 family (including 831CII). Technical details from connected sources show vulnerabilities on specific UI endpoints: the TR-069 client page (tr69cfg.cgi) via parameters tr69cAcsURL, tr69cAcsUser, tr69cAcsPwd, tr69cConnReqPwd, tr69cDebugEn...