Cross-Site Scripting Vulnerability in Zyxel Zywall 2 Management Interface
CVE-2007-4318

Currently unrated

Key Information:

Vendor: Zyxel
Status: Zynos; Zywall 2
Vendor: CVE Published:; 13 August 2007

Summary

The Zyxel Zywall 2 device, running ZyNOS firmware 3.62(WK.6), contains a cross-site scripting vulnerability in its management interface. This flaw allows remote authenticated administrators to inject arbitrary web scripts or HTML through the sysSystemName parameter. This poses significant security risks as it can be exploited to manipulate the user interface or execute malicious scripts in the context of other users' sessions, potentially leading to unauthorized access and data exposure.

References

http://www.louhi.fi/advisory/zyxel_070810.txt

x_refsource_MISC

http://osvdb.org/38721

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/476031/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Aug 13, 2007
Vulnerability Reserved
Aug 13, 2007