Cross-Site Scripting Vulnerability in ZTE ZXHN H108N Devices

CVE-2015-7252

What is CVE-2015-7252?

A cross-site scripting vulnerability exists in the webproc component of ZTE ZXHN H108N R1A devices prior to ZTE.bhs.ZXHNH108NR1A.k_PE. This weakness allows remote attackers to inject arbitrary web scripts or HTML into the errorpage parameter. Exploiting this vulnerability could enable attackers to manipulate user sessions or redirect users to malicious websites, posing a significant risk to the integrity of web applications and user data.

References