A cross-site scripting vulnerability exists in Zyxel ZyWALL 2 Plus, a firewall appliance for corporate environments from Zyxel China, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to be able to execute arbitrary JavaScript code to perform a variety of attacks, such as clipboard hijacking and session hijacking.