Created
July 9, 2019 16:54
In firmware version 4.50 of the Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script via rpSys.html.
Product: Zyxel XGS2210-52HP

FW version info: 4.50
inject arbitrary web script or HTML via the "port_setup name" field.
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
inject arbitrary web script or HTML via the "classifier config name" field.



Via the F12 button, you can see the injected arbitrary web script.
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
inject arbitrary web script or HTML via the "filter name" field.


an attacker to execute arbitrary JavaScript code within the auto login admin management page.
inject arbitrary web script or HTML via the "location" field.



Via the F12 button, you can see the injected arbitrary web script.
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
inject arbitrary web script or HTML via the "system name" field.



Via the F12 button, you can see the injected arbitrary web script.
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
inject arbitrary web script or HTML via the "static multicast forwarding name" field.



Via the F12 button, you can see the injected arbitrary web script.
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
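
The fields listed above are stored configuration strings that end up rendered in the admin page, so the fix belongs at output time. The following is an added example, not Zyxel's code or code from the original report: it assumes the management pages are generated in C, and `html_entity` and `html_escape_field` are hypothetical names. It encodes a stored value for HTML text or quoted-attribute context and fails closed when the output buffer is too small.

```c
#include <stddef.h>
#include <string.h>

/* Map one byte to its HTML entity, or NULL if it is safe to emit as-is. */
static const char *html_entity(unsigned char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/*
 * Encode a stored configuration string (for example a "system name" or
 * "location" value) before it is written into a page.
 * Returns the encoded length, or -1 if dst is too small. On failure dst is
 * set to "" so a caller that ignores the result never emits a partial
 * entity or an unescaped tail.
 */
int html_escape_field(const char *src, char *dst, size_t dst_len)
{
    size_t out = 0;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return 0;

    for (; *src != '\0'; src++) {
        const char *ent = html_entity((unsigned char)*src);
        size_t n = ent ? strlen(ent) : 1;

        if (out + n >= dst_len) {   /* keep room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        if (ent)
            memcpy(dst + out, ent, n);
        else
            dst[out] = *src;
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}
```

Encoding at output covers values already stored in the running configuration, which input validation added later would not.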