ID
VAR-E-201011-0642
EDB ID
35012
TITLE
ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting - Multiple webapps Exploit
Trust: 0.6
DESCRIPTION
ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting.. webapps exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | zyxel | model: | p-660r-t1 | scope: | eq | version: | v2 | Trust: 1.6 |
| vendor: | zyxel | model: | p-660r-t1 | scope: | eq | version: | v20 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/45027/info
ZyXEL P-660R-T1 V2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/Forms/home_1?&HomeCurrent_Date='<sCript>alert(1);</ScRiPt>'01%2F01%2F2000
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'HomeCurrent_Date' Cross-Site Scripting
Trust: 1.0
CREDITS
Usman Saeed
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 35012 | Trust: 1.9 |
| db: | BID | id: | 45027 | Trust: 1.9 |
| db: | EDBNET | id: | 56262 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/45027/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/35012/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/35012 | Trust: 0.3 |
| url: | http://www.zyxel.com/web/product_category.php?pc1indexflag=20040812093058 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 45027 |
| db: | EXPLOIT-DB | id: | 35012 |
| db: | EDBNET | id: | 56262 |
LAST UPDATE DATE
2022-07-27T09:38:23.960000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 45027 | date: | 2010-11-23T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 45027 | date: | 2010-11-23T00:00:00 |
| db: | EXPLOIT-DB | id: | 35012 | date: | 2010-11-23T00:00:00 |
| db: | EDBNET | id: | 56262 | date: | 2010-11-23T00:00:00 |