There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zte
Published: 2022-03-30T16:01:59
Updated: 2022-03-30T16:01:59
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23136
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-30T16:15:11.400
Modified: 2022-04-07T17:05:39.457
Link: CVE-2022-23136
JSON object: View
Redhat Information
No data.
CWE