CVE-2021-35030

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Jul 26, 2021 / Updated: 39mo ago

CVSS 4.3 (Medium) / EPSS 0.04%

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, which did not properly sanitize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet. The attack surface is the switch's handling of LLDP frames: LLDP is sent to a link-local multicast address (01:80:C2:00:00:0E) that bridges do not forward, so the crafted packet has to originate on a directly attached segment, which is what the Adjacent attack vector in the CVSS score reflects.

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
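The following is an added example, not code from this page or from Zyxel's firmware. It builds a constructed LLDP frame whose System Name TLV carries HTML, parses the string TLVs the way a neighbor table would, and shows the unescaped rendering that produces the CWE-79 condition beside an output-escaped version, plus a check that flags packet-derived strings containing HTML metacharacters. The neighbor-table markup, the MAC addresses, the port names and the payload are assumptions for illustration; only the TLV layout follows IEEE 802.1AB.

```python
"""Added example (not Zyxel's code): unescaped LLDP TLV strings rendered
into a switch web UI become stored XSS; escaping at output prevents it.
Frame layout follows IEEE 802.1AB; the neighbor-table HTML is a
hypothetical stand-in for whatever the GS1900 CGI actually renders."""
import html
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # link-local; bridges do not forward it
LLDP_ETHERTYPE = 0x88CC

# TLV types from IEEE 802.1AB-2016, Table 8-1
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
TLV_PORT_DESC, TLV_SYSTEM_NAME, TLV_SYSTEM_DESC = 4, 5, 6
DISPLAY_TLVS = (TLV_PORT_DESC, TLV_SYSTEM_NAME, TLV_SYSTEM_DESC)


def tlv(tlv_type: int, value: bytes) -> bytes:
    """7-bit type, 9-bit length, then value."""
    assert len(value) < 512
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(src_mac: bytes, system_name: str, port_desc: str = "eth0") -> bytes:
    """Constructed LLDP frame with attacker-controlled string TLVs."""
    lldpdu = (
        tlv(TLV_CHASSIS_ID, b"\x04" + src_mac)        # chassis subtype 4 = MAC address
        + tlv(TLV_PORT_ID, b"\x05" + b"1")             # port subtype 5 = interface name
        + tlv(TLV_TTL, struct.pack("!H", 120))
        + tlv(TLV_PORT_DESC, port_desc.encode())
        + tlv(TLV_SYSTEM_NAME, system_name.encode())
        + tlv(TLV_END, b"")
    )
    return LLDP_MCAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu


def parse_lldp(frame: bytes) -> dict:
    """Return the string TLVs a neighbor table would display, keyed by type."""
    if frame[12:14] != struct.pack("!H", LLDP_ETHERTYPE):
        raise ValueError("not an LLDP frame")
    pos, out = 14, {}
    while pos + 2 <= len(frame):
        (hdr,) = struct.unpack_from("!H", frame, pos)
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        value = frame[pos + 2 : pos + 2 + tlen]
        if len(value) != tlen:
            raise ValueError("truncated TLV")
        pos += 2 + tlen
        if ttype == TLV_END:
            break
        if ttype in DISPLAY_TLVS:
            out[ttype] = value.decode("utf-8", errors="replace")
    return out


def render_neighbor_row_vulnerable(tlvs: dict) -> str:
    """The CWE-79 pattern: packet bytes concatenated straight into HTML."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        tlvs.get(TLV_SYSTEM_NAME, ""), tlvs.get(TLV_PORT_DESC, ""))


def render_neighbor_row_fixed(tlvs: dict) -> str:
    """Same row, with every packet-derived string HTML-escaped at output."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(tlvs.get(TLV_SYSTEM_NAME, ""), quote=True),
        html.escape(tlvs.get(TLV_PORT_DESC, ""), quote=True))


def suspicious_tlvs(tlvs: dict) -> list:
    """Detection aid: flag display strings carrying HTML metacharacters or
    control bytes, which no legitimate hostname or port description needs."""
    bad = set('<>"\'&')
    return [t for t, s in tlvs.items()
            if any(c in bad or ord(c) < 0x20 for c in s)]


if __name__ == "__main__":
    # Constructed attacker MAC (locally administered) and generic XSS probe.
    attacker_mac = bytes.fromhex("020000000001")
    payload = "<img src=x onerror=alert(document.cookie)>"
    tlvs = parse_lldp(build_lldp_frame(attacker_mac, payload))
    print("vulnerable:", render_neighbor_row_vulnerable(tlvs))
    print("fixed:     ", render_neighbor_row_fixed(tlvs))
    print("flagged TLV types:", suspicious_tlvs(tlvs))
```

The escaping belongs at the HTML output boundary, not at packet ingress: rejecting frames with metacharacters would also drop legitimately odd neighbor names, while output encoding keeps the data and removes the execution. The `suspicious_tlvs` check is for monitoring (a sensor on the management VLAN, or a review of the neighbor table), not a substitute for the fix.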

Timeline

First Article

Feedly found the first article mentioning CVE-2021-35030.

Jul 26, 2021 at 11:29 AM / twitter.com
EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Oct 10, 2023 at 7:12 AM

Affected Systems

Zyxel/gs1900-10hp_firmware, plus the other GS1900 series firmware images named in the news items below (the description itself names GS1900-8 V2.60)

Patches

www.zyxel.com

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

New post from sesin.at (CVE-2021-35030 (gs1900-10hp_firmware, gs1900-16_firmware, gs1900-24_firmware, gs1900-24e_firmware, gs1900-24ep_firmware, gs1900-24hp_firmware, gs1900-24hpv2_firmware, gs1900-48_firmware, ...) has been published on sesin.at/2021/08/13/cve… - www.sesin.at (@www_sesin_at) 07:35 - Aug 13, 2021
New post from sesin.at (CVE-2021-35030 (gs1900-10hp_firmware, gs1900-16_firmware, gs1900-24_firmware, gs1900-24e_firmware, gs1900-24ep_firmware, gs1900-24hp_firmware, gs1900-24hpv2_firmware, gs1900-48_firmware, ...) has been published on sesin.at/2021/08/13/cve… - Wolfgang Sesin (@WolfgangSesin) 07:35 - Aug 13, 2021
🚨 NEW: CVE-2021-35030 🚨 A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform... (click for more) Severity: MEDIUM nvd.nist.gov/vuln/detail/CV… - Threat Intel Center (@threatintelctr) 06:00 - Aug 13, 2021
Vulnerability Summary for the Week of July 26, 2021
Cross-site scripting in Zyxel GS1900 Series Switches
A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
