Cross-Site Scripting Vulnerability in ZTE ZXDSL 831 and 831CII Products
CVE-2014-9020

Currently unrated

Key Information:

Vendor: Zte
Status: Zxdsl 831; Zxdsl 831cii
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-9020?

A Cross-Site Scripting (XSS) vulnerability exists in the Quick Stats page (psilan.cgi) of the ZTE ZXDSL 831 and 831CII models. This flaw enables remote attackers to inject arbitrary web scripts or HTML through the domainname parameter during a save action. Exploiting this vulnerability can lead to the execution of malicious code in the context of an authenticated user's session, potentially compromising sensitive information and the integrity of user interactions.

References

http://www.securityfocus.com/archive/1/533930/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/129016/ZTE-831CII-Ha...

x_refsource_MISC

http://www.securityfocus.com/bid/70984

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Nov 20, 2014

Zte

What is CVE-2014-9020?

References

Timeline