XSS Vulnerability in Zyxel NAS 326 Affected Product by Zyxel
CVE-2019-10634

5.4MEDIUM

Key Information:

Vendor: Zyxel
Status: Nas326 Firmware
Vendor: CVE Published:; 9 April 2019

Summary

An XSS vulnerability exists in the Zyxel NAS 326 that enables a remote authenticated attacker to inject arbitrary JavaScript or HTML code. This can occur through manipulation of the user, group, and file-share description fields, allowing unauthorized actions to be executed remotely within the context of the affected application.

References

http://maxwelldulin.com/BlogPost?post=3236967424

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Mar 29, 2019