Cross-Site Scripting Vulnerability in ZyXEL SBG-3300 Security Gateway
CVE-2014-7277

Currently unrated

Key Information:

Vendor

Zyxel
Status
Sbg3300-n Firmware
Sbg3300-n
Vendor
CVE Published:
4 October 2014

What is CVE-2014-7277?

The ZyXEL SBG-3300 Security Gateway is affected by a Cross-Site Scripting (XSS) vulnerability in its login page, which allows remote attackers to inject arbitrary web scripts or HTML through unfiltered 'welcome message' form data. This improper handling occurs during the rendering of the loginMessage list item, potentially leading to exploitation of session tokens or redirection to malicious websites. Users of firmware version 1.00(AADY.4)C0 and earlier should be vigilant, as this flaw remains unpatched in the affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://archives.neohapsis.com/archives/bugtraq/2014-10/00...
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2014/Oct/19
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/70232
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.