leona4040/test Secret

Created Jul 9, 2019
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script via rpSys.html.

@leona4040 leona4040 commented Jul 9, 2019

Product: Zyxel XGS2210-52HP
FW version info: 4.50
firmware
inject arbitrary web script or HTML via the "port_setup name" field.
port_setup
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
port_setup2

inject arbitrary web script or HTML via the "classifier config name" field.
classifier config2
Via the F12 button, you can see the injected arbitrary web script.
classifier config3
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
classifier config

inject arbitrary web script or HTML via the "filter name" field.
filter
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
filter2

inject arbitrary web script or HTML via the "location" field.
location
Via the F12 button, you can see the injected arbitrary web script.
location2
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
location3

inject arbitrary web script or HTML via the "system name" field.
system name
Via the F12 button, you can see the injected arbitrary web script.
system name3
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
system name2

inject arbitrary web script or HTML via the "static multicate forwarding name" field.
static multicate forwarding
Via the F12 button, you can see the injected arbitrary web script.
static mac forwarding 2
an attacker to execute arbitrary JavaScript code within the auto login admin management page.
static mac forwarding

@leona4040 leona4040 commented Jul 9, 2019

test
