@leona4040

leona4040/test Secret

Created July 9, 2019 16:54
In firmware version 4.50 of the Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script via rpSys.html.
@leona4040
Author

Product: Zyxel XGS2210-52HP
FW version info: 4.50
[screenshot: firmware]

Inject arbitrary web script or HTML via the "port_setup name" field.
[screenshot: port_setup]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: port_setup2]

Inject arbitrary web script or HTML via the "classifier config name" field.
[screenshot: classifier config2]
Via the F12 button, you can see the injected arbitrary web script.
[screenshot: classifier config3]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: classifier config]

Inject arbitrary web script or HTML via the "filter name" field.
[screenshot: filter]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: filter2]

Inject arbitrary web script or HTML via the "location" field.
[screenshot: location]
Via the F12 button, you can see the injected arbitrary web script.
[screenshot: location2]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: location3]

Inject arbitrary web script or HTML via the "system name" field.
[screenshot: system name]
Via the F12 button, you can see the injected arbitrary web script.
[screenshot: system name3]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: system name2]

Inject arbitrary web script or HTML via the "static multicast forwarding name" field.
[screenshot: static multicast forwarding]
Via the F12 button, you can see the injected arbitrary web script.
[screenshot: static mac forwarding 2]
This allows an attacker to execute arbitrary JavaScript code within the auto-login admin management page.
[screenshot: static mac forwarding]
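The pattern behind every finding above is the same: a name stored by one authenticated user is later written into the admin page's markup without escaping. The following is an added example, not code from the gist or from Zyxel firmware, contrasting the vulnerable render with a hardened one; the port data, the render functions and the allowlist regex are constructed for illustration.

```javascript
// Added example (not from the gist or the device firmware): rendering a
// user-controlled configuration name into a management page. Port data and
// the name allowlist below are assumptions made for this illustration.

// Escape the characters that change meaning in HTML text/attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored name is concatenated straight into markup,
// so whatever was saved in the field becomes live HTML in the admin's browser.
function renderPortRowVulnerable(port) {
  return `<tr><td>${port.id}</td><td>${port.name}</td></tr>`;
}

// Hardened pattern: every user-controlled value is escaped on output.
function renderPortRow(port) {
  return `<tr><td>${escapeHtml(port.id)}</td><td>${escapeHtml(port.name)}</td></tr>`;
}

// Defence in depth: also validate names on write. The allowlist is an
// assumption for this example, not the switch's actual rule.
const NAME_RE = /^[A-Za-z0-9 _.\-]{1,64}$/;
function isValidConfigName(name) {
  return NAME_RE.test(String(name));
}

// Constructed sample: one benign port name and one carrying markup, the kind
// of value the advisory shows being stored in a "name" field.
const SAMPLE_PORTS = [
  { id: 1, name: "uplink-core" },
  { id: 2, name: "<script>alert(1)</script>" },
];

// Render the whole sample with a given row renderer; returns the HTML string.
function renderAll(renderer) {
  return SAMPLE_PORTS.map(renderer).join("\n");
}
```

Comparing `renderAll(renderPortRowVulnerable)` with `renderAll(renderPortRow)` shows the raw `<script>` surviving in the first and arriving as `&lt;script&gt;` in the second, which is exactly the difference the F12 view in the screenshots reveals.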

@leona4040
Author

test
