CVE-2022-0734

N/A

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Zyxel USG/ZyWALL 跨站脚本漏洞

Zyxel USG/ZyWALL是中国合勤科技（Zyxel）公司的一款防火墙。 Zyxel USG/ZyWALL 4.35-4.70、USG FLEX 4.50-5.20、ATP 4.35-5.20和VPN 4.35-5.20版本中的CGI程序存在跨站脚本漏洞，该漏洞源于存在输入验证错误，攻击者利用该漏洞可进行跨站点脚本攻击。

N/A

N/A