CVE-2014-9020

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html	Exploit
http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html	Exploit
http://www.securityfocus.com/archive/1/533930/100/0/threaded
http://www.securityfocus.com/archive/1/533931/100/0/threaded
http://www.securityfocus.com/bid/70984
http://www.securityfocus.com/bid/70985
https://exchange.xforce.ibmcloud.com/vulnerabilities/98584
http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html	Exploit
http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html	Exploit
http://www.securityfocus.com/archive/1/533930/100/0/threaded
http://www.securityfocus.com/archive/1/533931/100/0/threaded
http://www.securityfocus.com/bid/70984
http://www.securityfocus.com/bid/70985
https://exchange.xforce.ibmcloud.com/vulnerabilities/98584

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:zte:zxdsl_831:-:::::::*
	cpe:2.3:h:zte:zxdsl_831cii:-:::::::*

History

21 Nov 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html - Exploit~~	() http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html - Exploit
References	~~() http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html - Exploit~~	() http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html - Exploit
References	~~() http://www.securityfocus.com/archive/1/533930/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/533930/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/533931/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/533931/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/70984 -~~	() http://www.securityfocus.com/bid/70984 -
References	~~() http://www.securityfocus.com/bid/70985 -~~	() http://www.securityfocus.com/bid/70985 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/98584 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98584 -

Information

Published : 2014-11-20 17:50

Updated : 2025-04-12 10:46

NVD link : CVE-2014-9020

Mitre link : CVE-2014-9020

CVE.ORG link : CVE-2014-9020

JSON object : View

Products Affected

zte

zxdsl_831cii
zxdsl_831

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10