Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-21825
HistoryMar 03, 2022 - 12:00 a.m.

Zyxel ZyWALL 2 Plus Cross-Site Scripting Vulnerability

2022-03-0300:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
zyxel
zywall
cross-site scripting
vulnerability
data validation
firewall
appliance
corporate environments
exploit
javascript
clipboard hijacking
session hijacking

EPSS

0.122

Percentile

95.4%

A cross-site scripting vulnerability exists in Zyxel ZyWALL 2 Plus, a firewall appliance for corporate environments from Zyxel China, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to be able to execute arbitrary JavaScript code to perform a variety of attacks, such as clipboard hijacking and session hijacking.

EPSS

0.122

Percentile

95.4%