Vulnerability Description
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxcdn Firmware | < zxcdn-iamv8.01.01.02 |
| Zte | Zxcdn | - |
Related Weaknesses (CWE)
References
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024404Vendor Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024404Vendor Advisory
FAQ
What is CVE-2022-23137?
CVE-2022-23137 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
How severe is CVE-2022-23137?
CVE-2022-23137 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23137?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxcdn Firmware, Zte Zxcdn.