Cross-Site Scripting Vulnerability in Netis DL4323 Devices
CVE-2019-20070

6.1MEDIUM

Key Information:

Vendor

Netis-systems

Status
Dl4343 Firmware
Vendor
CVE Published:
30 December 2019

What is CVE-2019-20070?

A Cross-Site Scripting (XSS) vulnerability has been identified in Netis DL4323 devices, allowing attackers to exploit the urlFQDN parameter in form2url.cgi, which is associated with the Keyword field of the URL Blocking Configuration. This flaw can enable unauthorized users to execute arbitrary JavaScript code within the context of a user's session, potentially compromising sensitive information and user credentials.

References

https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHr...
x_refsource_MISC
https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlh...
x_refsource_MISC
https://fatihhcelik.blogspot.com/2019/12/xss-vulnerabilit...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-20070 : Cross-Site Scripting Vulnerability in Netis DL4323 Devices