A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
05 Sep 2024, 14:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel usg Flex 100ax
Zyxel usg 20w-vpn Zyxel usg Flex 200 Zyxel usg Flex 100 Zyxel atp700 Zyxel usg Flex 500 Zyxel atp800 Zyxel atp500 Zyxel atp100 Zyxel usg Flex 700 Zyxel usg Flex 100w Zyxel usg Flex 50w Zyxel usg Flex 50 Zyxel Zyxel atp100w Zyxel zld Firmware Zyxel atp200 |
|
References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 - Vendor Advisory | |
CPE | cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 03:15
Updated : 2024-09-05 14:32
NVD link : CVE-2024-42061
Mitre link : CVE-2024-42061
CVE.ORG link : CVE-2024-42061
JSON object : View
Products Affected
zyxel
- usg_flex_100
- zld_firmware
- atp800
- usg_20w-vpn
- usg_flex_50
- usg_flex_100ax
- usg_flex_700
- usg_flex_100w
- usg_flex_200
- usg_flex_500
- usg_flex_50w
- atp500
- atp700
- atp200
- atp100w
- atp100
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')