A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
05 Sep 2024, 14:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel atp700
Zyxel zld Firmware Zyxel atp100w Zyxel atp800 Zyxel usg Flex 100 Zyxel atp200 Zyxel Zyxel usg 20w-vpn Zyxel usg Flex 100w Zyxel atp100 Zyxel atp500 Zyxel usg Flex 700 Zyxel usg Flex 100ax Zyxel usg Flex 50 Zyxel usg Flex 50w Zyxel usg Flex 500 Zyxel usg Flex 200 |
|
CPE | cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:* |
|
References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 - Vendor Advisory |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 03:15
Updated : 2024-09-05 14:32
NVD link : CVE-2024-42061
Mitre link : CVE-2024-42061
CVE.ORG link : CVE-2024-42061
JSON object : View
Products Affected
zyxel
- usg_flex_200
- atp100
- atp700
- usg_flex_500
- zld_firmware
- usg_flex_50w
- atp800
- usg_flex_50
- usg_20w-vpn
- atp100w
- usg_flex_100
- usg_flex_700
- usg_flex_100ax
- usg_flex_100w
- atp500
- atp200
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')