漏洞描述
Zyxel ZyWall、USG和UAG设备允许远程攻击者通过err_msg参数free_time_failed.cgicgi程序(也称为反射式跨站点脚本)注入任意web脚本或HTML。
Zyxel ZyWal/USG/UAG Devices XSS(CVE-2019-12581)
PoC代码
暂无相关漏洞推荐
-
CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass POC
2025-09-01 | Zyxel NBG2105 V1.00(AAGU.2)C0On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator acces... -
CVE-2022-0342: Zyxel authentication bypass patch analysis POC
2025-09-01 | ZyxelAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio... -
CVE-2022-30525: Zyxel Firewall - OS Command Injection POC
2025-09-01 | Zyxel FirewallAn OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions ... -
CVE-2019-0193: Apache Solr Remote Code Execution POC
2025-09-01 | Apache Solr2019 年 08 月 01 日,Apache Solr 官方发布预警,Apache Solr DataImport 功能 在开启 Debug 模式时,可以接收来自请求的”dataConfig”参数,... -
CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC
2025-09-01 | Apache StrutsApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag ...