CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
AI Score | Confidence: High |
EPSS | Percentile: 17.5% |
A cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35 could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
Vendor | Product | Version | CPE |
---|---|---|---|
zyxel | atp200 | - | cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* |
zyxel | atp200_firmware | * | cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:* |
zyxel | atp100_firmware | * | cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:* |
zyxel | atp100 | - | cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* |
zyxel | atp700_firmware | * | cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:* |
zyxel | atp700 | - | cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:* |
zyxel | atp500_firmware | * | cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:* |
zyxel | atp500 | - | cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:* |
zyxel | atp100w_firmware | * | cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:* |
zyxel | atp100w | - | cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* |