CVE-2022-40603Cross-site Scripting in Zyxel Atp100 Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA4.7
EPSS
0.7%
top 28.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
23
Zyxel Atp100 FirmwareZyxel Atp100w FirmwareZyxel Atp200 Firmware+20 more
Timeline
PublishedDec 6
Latest updateJul 6

Description

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s br

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages23 packages

CVEListV5zyxel/usg_flex_series_firmware4.50 through 5.31
CVEListV5zyxel/zywall_usg_series_firmware4.30 through 4.72
CVEListV5zyxel/atp_series_firmware4.32 through 5.31
CVEListV5zyxel/vpn_series_firmware4.30 through 5.31
NVDzyxel/usg_flex_200_firmware4.505.31

🔴Vulnerability Details

2
GHSA
GHSA-6jf5-53hp-585m: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 42023-07-06
CVEList
CVE-2022-40603: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 42022-12-06
CVE-2022-40603 — Cross-site Scripting in Zyxel | cvebase