Vulnerabilities > CVE-2007-4318 - Cross-Site Scripting vulnerability in Zyxel Zynos and Zywall 2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 |
Exploit-Db
| description | ZyXEL ZyWALL 2 3.62 Forms/General_1 sysSystemName Parameter XSS. CVE-2007-4318. Remote exploit for hardware platform |
| id | EDB-ID:30485 |
| last seen | 2016-02-03 |
| modified | 2007-08-10 |
| published | 2007-08-10 |
| reporter | Henri Lindberg |
| source | https://www.exploit-db.com/download/30485/ |
| title | ZyXEL ZyWALL 2 3.62 Forms/General_1 sysSystemName Parameter XSS |
References
- http://osvdb.org/38721
- http://secunia.com/advisories/26381
- http://securityreason.com/securityalert/3002
- http://www.louhi.fi/advisory/zyxel_070810.txt
- http://www.securityfocus.com/archive/1/476031/100/0/threaded
- http://www.securityfocus.com/bid/25262
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35913