CVE-2020-6876
MEDIUM
ZTE eVDC ZXCLOUD-iROSV6.03.04 - Stored Cross-Site Scripting in WEB Module
Title source: llm
Description
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
References (1)
Core References
Vendor Advisory x_refsource_misc
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782
Scores
CVSS v3: 5.4
EPSS: 0.0019
EPSS Percentile: 40.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1)
zte/evdc
zxcloud-irosv6.03.04
Published: Oct 26, 2020
Tracked Since: Feb 18, 2026