Zyxel : Security Vulnerabilities, CVEs, Published In 2019 (XSS)
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
Max CVSS
6.1
EPSS Score
0.36%
Published
2019-06-27
Updated
2019-06-28
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-04-09
Updated
2019-04-09
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
Max CVSS
6.1
EPSS Score
5.82%
Published
2019-04-22
Updated
2019-04-30
3 vulnerabilities found