Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4318

4 documents4 sources
Severity
4.3MEDIUM
EPSS
6.4%
top 8.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zyxel Zynos
Timeline
PublishedAug 13
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

ā–¶NVDzyxel/zynos3.62

šŸ”“Vulnerability Details

2
GHSA
GHSA-gjrj-3h8r-hphq: Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3ā†—2022-05-01
ā–¶
CVEList
CVE-2007-4318: Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3ā†—2007-08-13
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
ZYXEL ZyWALL 2 3.62 - '/Forms/General_1?sysSystemName' Cross-Site Scriptingā†—2007-08-10
ā–¶
CVE-2007-4318 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io