Lucene search

[email protected]CVE-2007-4318

HistoryAug 13, 2007 - 9:17 p.m.

CVE-2007-4318

2007-08-1321:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4318

cross-site scripting

xss

zynos firmware

zyxel zywall 2

remote authenticated administrators

web script injection

html injection

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

Affected configurations

NVD

Node

zyxelzynosMatch3.62

zyxelzywall_2

CPENameOperatorVersion
zyxel:zynoszyxel zynoseq3.62
zyxel:zywall_2zyxel zywall 2eq*

CPE	Name	Operator	Version
zyxel:zynos	zyxel zynos	eq	3.62
zyxel:zywall_2	zyxel zywall 2	eq	*

References

osvdb.org/38721

secunia.com/advisories/26381

securityreason.com/securityalert/3002

www.louhi.fi/advisory/zyxel_070810.txt

www.securityfocus.com/archive/1/476031/100/0/threaded

www.securityfocus.com/bid/25262

exchange.xforce.ibmcloud.com/vulnerabilities/35913

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2007-4318

prion1 nvd1 cvelist1