CVE-2022-45441

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.7%
top 28.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zyxel Nbg-418n V2 FirmwareZyxel Nbg-418n Firmware
Timeline
PublishedFeb 7

Description

A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5zyxel/nbg-418n_v2_firmware< V1.00(AARP.13)C0
NVDzyxel/nbg-418n_firmware1.00\(aarp.10\)c0

🔴Vulnerability Details

2
CVEList
CVE-2022-45441: A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V12023-02-07
GHSA
GHSA-xcqv-8q74-7h3x: A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V12023-02-07
CVE-2022-45441 (MEDIUM CVSS 6.1) | A cross-site scripting (XSS) vulner | cvebase.io