VYPR
Unrated severity · NVD Advisory · Published Jun 26, 2020 · Updated Aug 4, 2024

CVE-2020-15339

Description

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows `live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name=` XSS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 are vulnerable to a stored XSS via the `handle_campaign_script_link` endpoint allowing arbitrary script execution.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The endpoint `live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name=` does not sanitize user-controlled input, permitting an attacker to inject arbitrary JavaScript or HTML code. The vulnerability is reachable through the web interface without special configuration [1].

Exploitation

An attacker with network access to the SecuManager web interface can craft a malicious URL containing a `script_name` parameter with embedded script payloads. If an authenticated administrator clicks the link or the injected content is later rendered, the attacker’s script executes in the context of the victim’s browser session. The attacker needs no prior authentication of their own; the attack relies only on the victim’s valid session [1].

Impact

Successful exploitation leads to arbitrary JavaScript execution in the victim’s browser. The attacker could steal session cookies, perform actions on behalf of the administrator, modify displayed content, or redirect to malicious sites, potentially leading to full compromise of the management console’s privileges [1].

Mitigation

Zyxel has not released a patch for this specific XSS issue in the available reference. The recommended mitigation is to restrict network access to the SecuManager web interface to trusted administrators only and to review the product’s lifecycle status. Users should monitor vendor advisories for an official fix [1].
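While no fix is available, access logs can be reviewed for requests to the affected endpoint. The following is an added example, not part of the advisory or any Zyxel tooling: it flags requests whose `script_name` value falls outside a conservative allowlist. The combined access-log format, the allowlist, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path and parameter name come from the CVE description.
ENDPOINT = "/live/CPEManager/AXCampaignManager/handle_campaign_script_link"
PARAM = "script_name"
# Assumption: legitimate script names use plain file-name characters only.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Assumption: combined-format access log; only source and request line are parsed.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (source, decoded value) for endpoint hits with an unsafe script_name."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = unquote(url.path).rstrip("/").lower()
        if not path.endswith(ENDPOINT.lower()):
            continue
        # parse_qs decodes once; fully_decode catches double encoding.
        for raw in parse_qs(url.query).get(PARAM, []):
            value = fully_decode(raw)
            if not SAFE_VALUE.fullmatch(value):
                hits.append((m.group("src"), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [26/Jun/2020:10:00:01 +0000] "GET ' + ENDPOINT + '?script_name=backup_v2.sh HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Jun/2020:10:02:13 +0000] "GET ' + ENDPOINT + '?script_name=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 498',
    '203.0.113.5 - - [26/Jun/2020:10:03:40 +0000] "GET ' + ENDPOINT + '?script_name=%253Ci%253Ey HTTP/1.1" 200 470',
    '198.51.100.7 - - [26/Jun/2020:10:04:02 +0000] "GET /live/index?script_name=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE_LOG):
        print(f"{src}\t{value!r}")
```

The check only sees values that reach the logged request line, so it complements rather than replaces the network access restriction described above.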

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2