CVE-2015-6017

6.1MEDIUM

Key Information:

Vendor: Zyxel
Status: P-660hw-t1 V2 Firmware
Vendor: CVE Published:; 31 December 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.

References

http://www.securitytracker.com/id/1034552

vdb-entryx_refsource_SECTRACK

https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/870744

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2015
Vulnerability Reserved
Aug 14, 2015

.