Vulnerability Details CVE-2019-10634
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2019-10634
-
cpe:2.3:h:zyxel:nas326:-
-
cpe:2.3:o:zyxel:nas326_firmware:-
-
cpe:2.3:o:zyxel:nas326_firmware:5.21