Unrated severityNVD Advisory· Published Apr 24, 2023· Updated Aug 2, 2024
CVE-2023-27990
CVE-2023-27990
Description
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10>=4.30 <=5.35+ 1 more
- (no CPE)range: >=4.30 <=5.35
- (no CPE)range: 4.30 through 5.35
>=4.16 <=5.35+ 1 more
- (no CPE)range: >=4.16 <=5.35
- (no CPE)range: 4.16 through 5.35
>=4.32 <=5.35+ 1 more
- (no CPE)range: >=4.32 <=5.35
- (no CPE)range: 4.32 through 5.35
>=4.50 <=5.35+ 1 more
- (no CPE)range: >=4.50 <=5.35
- (no CPE)range: 4.50 through 5.35
- Zyxel/USG20(W)-VPN firmwarev5Range: 4.16 through 5.35
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.