Original Release Date: October 19, 2023 Vulnerability ID CVE ID: CVE-2023-41785 CNNVD ID: CNNVD-2023-83945107 CVSS 3.1 Base Score 6.5 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) Description There is a persistent cross-site scripting (XSS) vulnerability in ZTE ElasticNet UME R32. Due to insufficient input verification, an attacker could implement XSS attacks by entering malicious payload values to steal user’s sensitive information. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ElasticNet_UME_R32 | All versions up to V16.23.20.05 | V16.23.20.06 |
Source The vulnerability was found by ZTE's internal test. Update Records October 19, 2023, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|