Vulnerability Details CVE-2019-20070
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE
- https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf
- https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html
- https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE
- https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf
- https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html
Products affected by CVE-2019-20070
-
cpe:2.3:h:netis-systems:dl4343:-
-
cpe:2.3:o:netis-systems:dl4343_firmware:-