|
Original release date: May 10, 2022 CVE ID CVE-2022-23137 CVSS 3.1 Base Score 5.7 Medium (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N) Description ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXCDN | ZXCDN-IAMV8.01.01.02 | ZXCDN-IAMV8.01.01.02 SP1 |
Source The vulnerability was found by ZTE's internal test. Update Records May 10, 2022, initial. June 27, 2022, updated affected version. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|