VYPR
Unrated severityNVD Advisory· Published Apr 24, 2023· Updated Aug 2, 2024

CVE-2023-27990

CVE-2023-27990

Description

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Zyxel/VPN seriesllm-fuzzy2 versions
    >=4.30 <=5.35+ 1 more
    • (no CPE)range: >=4.30 <=5.35
    • (no CPE)range: 4.30 through 5.35
  • Zyxel/USG FLEX 50(W)llm-fuzzy2 versions
    >=4.16 <=5.35+ 1 more
    • (no CPE)range: >=4.16 <=5.35
    • (no CPE)range: 4.16 through 5.35
  • Zyxel/USG20-VPNllm-fuzzy
    Range: >=4.16 <=5.35
  • Zyxel/ATP seriesllm-fuzzy2 versions
    >=4.32 <=5.35+ 1 more
    • (no CPE)range: >=4.32 <=5.35
    • (no CPE)range: 4.32 through 5.35
  • Zyxel/USG FLEX seriesllm-fuzzy2 versions
    >=4.50 <=5.35+ 1 more
    • (no CPE)range: >=4.50 <=5.35
    • (no CPE)range: 4.50 through 5.35
  • Zyxel/USG20(W)-VPN firmwarev5
    Range: 4.16 through 5.35

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.