ID

VAR-202003-0923


CVE

CVE-2019-13495


TITLE

ZyXEL Zyxel XGS2210-52HP cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-23417 // CNNVD: CNNVD-202003-1743

DESCRIPTION

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. A cross-site scripting vulnerability exists in Zyxel XGS2210-52HP. Information may be obtained and tampered with. ZyXEL Zyxel XGS2210-52HP is a managed switch from ZyXEL, a company in Taiwan. The vulnerability stems from the lack of proper verification of client data by the web application. Attackers can use this vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2019-13495 // JVNDB: JVNDB-2019-015229 // CNVD: CNVD-2020-23417

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-23417

AFFECTED PRODUCTS

vendor: zyxel, model: xgs2210-52hp, scope: eq, version: 4.50

Trust: 2.4

sources: CNVD: CNVD-2020-23417 // JVNDB: JVNDB-2019-015229 // NVD: CVE-2019-13495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13495
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015229
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-23417
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1743
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-13495
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015229
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-23417
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13495
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015229
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-23417 // JVNDB: JVNDB-2019-015229 // CNNVD: CNNVD-202003-1743 // NVD: CVE-2019-13495

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015229 // NVD: CVE-2019-13495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1743

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-1743

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015229

PATCH

title: Top Page, url: https://www.zyxel.com/homepage.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2019-015229

EXTERNAL IDS

db: NVD, id: CVE-2019-13495

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015229

Trust: 0.8

db: CNVD, id: CNVD-2020-23417

Trust: 0.6

db: CNNVD, id: CNNVD-202003-1743

Trust: 0.6

sources: CNVD: CNVD-2020-23417 // JVNDB: JVNDB-2019-015229 // CNNVD: CNNVD-202003-1743 // NVD: CVE-2019-13495

REFERENCES

url:https://gist.github.com/leona4040/6541e3b11da6ea7675d0498d0db98832

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13495

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13495

Trust: 0.8

sources: JVNDB: JVNDB-2019-015229 // CNNVD: CNNVD-202003-1743 // NVD: CVE-2019-13495

SOURCES

db: CNVD, id: CNVD-2020-23417
db: JVNDB, id: JVNDB-2019-015229
db: CNNVD, id: CNNVD-202003-1743
db: NVD, id: CVE-2019-13495

LAST UPDATE DATE

2024-11-23T22:11:36.082000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-23417, date: 2020-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-015229, date: 2020-04-20T00:00:00
db: CNNVD, id: CNNVD-202003-1743, date: 2020-04-03T00:00:00
db: NVD, id: CVE-2019-13495, date: 2024-11-21T04:25:00.633

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-23417, date: 2020-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-015229, date: 2020-04-20T00:00:00
db: CNNVD, id: CNNVD-202003-1743, date: 2020-03-31T00:00:00
db: NVD, id: CVE-2019-13495, date: 2020-03-31T18:15:26.507