漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Zyxel USG/ZyWALL 跨站脚本漏洞
Vulnerability Description
Zyxel USG/ZyWALL是中国合勤(Zyxel)公司的一款防火墙。 Zyxel USG/ZyWALL V4.73之前版本、VPN V5.32之前版本、USG FLEX V5.32之前版本、ATP V5.32之前版本存在安全漏洞,该漏洞源于CGI程序存在跨站脚本(XSS)漏洞,这可能允许攻击者诱骗用户访问带有XSS负载的特制URL,如果在受害者的浏览器上执行恶意脚本,攻击者就可以访问一些基于浏览器的信息。
CVSS Information
N/A
Vulnerability Type
N/A