Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-05T13:23:06
Updated: 2024-08-04T22:32:01.018Z
Reserved: 2019-03-31T00:00:00
Link: CVE-2019-10677
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-09-05T14:15:10.973
Modified: 2019-09-09T15:17:34.507
Link: CVE-2019-10677
Redhat
No data.