CVE-2019-3413
MEDIUMZTE NetNumen DAP Firmware < 20.18.40.r7.b1 - Cross-Site Scripting
Title source: llmDescription
All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010797
Scores
CVSS v3
5.4
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zte/netnumen_dap_firmware
< 20.18.40.r7.b1
Published
Jun 11, 2019
Tracked Since
Feb 18, 2026