CVE-2018-7355 – ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-7355

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. Las versiones hasta la V1.0.0B05 de ZTE MF65 y todas las versiones hasta la V1.0.0B02 de ZTE MF65M1 se han visto impactadas por una vulnerabilidad de Cross-Site Scripting (XSS). Debido a la neutralización incorrecta de las entradas durante la generación de páginas web, un atacante podría explotar esta vulnerabilidad para realizar ataques de Cross-Site Scripting (XSS) reflejado o inyección HTML en los dispositivos. ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46102 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •