Cross-Site Scripting Flaw in Ruijie RG-UAC 6000-E50
CVE-2020-21639

6.1MEDIUM

Key Information:

Vendor: Ruijie
Status: Rg-uac 6000-e50 Firmware
Vendor: CVE Published:; 16 November 2021

Summary

The Ruijie RG-UAC 6000-E50 has been identified to contain a cross-site scripting (XSS) vulnerability through the 'rule_name' parameter. Attackers can exploit this flaw to inject and execute arbitrary web scripts or HTML in the context of a user’s session, which may lead to unauthorized actions and data exposure on affected systems. Addressing this vulnerability is crucial to maintaining the integrity and confidentiality of user interactions.

References

https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Aug 13, 2020