Search criteria
2 vulnerabilities found for zywall_2_plus_internet_security_appliance_firmware by zyxel
CVE-2021-46387 (GCVE-0-2021-46387)
Vulnerability from nvd – Published: 2022-03-01 14:04 – Updated: 2024-08-04 05:02
VLAI
Summary
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.zyxel.com/us/en/support/security_advi… | x_refsource_MISC |
| https://www.zyxel.com/uk/en/products_services/zyw… | x_refsource_MISC |
| https://drive.google.com/drive/folders/1_XfWBLqxT… | x_refsource_MISC |
| http://packetstormsecurity.com/files/166189/Zyxel… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:02:11.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T18:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/us/en/support/security_advisories.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"name": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"name": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"name": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46387",
"datePublished": "2022-03-01T14:04:41.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:02:11.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46387 (GCVE-0-2021-46387)
Vulnerability from cvelistv5 – Published: 2022-03-01 14:04 – Updated: 2024-08-04 05:02
VLAI
Summary
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.zyxel.com/us/en/support/security_advi… | x_refsource_MISC |
| https://www.zyxel.com/uk/en/products_services/zyw… | x_refsource_MISC |
| https://drive.google.com/drive/folders/1_XfWBLqxT… | x_refsource_MISC |
| http://packetstormsecurity.com/files/166189/Zyxel… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:02:11.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T18:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/us/en/support/security_advisories.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
},
{
"name": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml"
},
{
"name": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing"
},
{
"name": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46387",
"datePublished": "2022-03-01T14:04:41.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:02:11.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}