|
Original release date: July 15, 2021 CVE ID CVE-2021-217378 CVSS 3.1 Base Score 2.9 Low(AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Description ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXIPTV | ZXIPTV-EAS_PV5.06.04.09 | ZXIPTV-EAS-PV7.01.05.01 |
Source The vulnerability was found by ZTE's internal test. Update Records July 15, 2021, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|