CVE-2024-42061

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
1.0%
top 22.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Zyxel ZLDZyxel ATP Series FirmwareZyxel Usg20(w)-vpn Series Firmware+2 more
Timeline
PublishedSep 3

Description

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the m

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

CVEListV5zyxel/usg_flex_series_firmwareversions V4.50 through V5.38
CVEListV5zyxel/usg_flex_50(w)_series_firmwareversions V4.16 through V5.38
CVEListV5zyxel/usg20(w)-vpn_series_firmwareversions V4.16 through V5.38
CVEListV5zyxel/atp_series_firmwareversions V4.32 through V5.38
NVDzyxel/zld4.325.39+2

🔴Vulnerability Details

2
CVEList
CVE-2024-42061: A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script2024-09-03
GHSA
GHSA-24gr-q86g-qp3p: A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script2024-09-03
CVE-2024-42061 (MEDIUM CVSS 6.1) | A reflected cross-site scripting (X | cvebase.io