CVE-2018-15602
MEDIUMZyxel VMG3312 B10B Firmware - Stored Cross-Site Scripting via Hostname Parameter
Title source: llmDescription
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/f4lcone/e786fa8fc2919c8ec6f90d8a7ba555ea
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zyxel/vmg3312_b10b_firmware
Published
Aug 26, 2018
Tracked Since
Feb 18, 2026