Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting CVE-2021-46387 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IPV4,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting CVE-2021-46387 Scanner Detail

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.

Some Advice for Common Problems

  • You need to apply related fixes.
  • Sanitize all parameters received as input from the user.
  • Enable CSP (Content Security Policy) with a correct value. CSP aids in the enforcement of security best practices by restricting various actions and limiting the number of origins.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service