CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21738
https://notcve.org/view.php?id=CVE-2021-21738
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09> La plataforma de negocios de vídeo grande de ZTE presenta dos vulnerabilidades de tipo cross-site scripting (XSS) reflejadas. Debido a la insuficiente verificación de entrada, el atacante podría implementar ataques de tipo XSS al manipular los parámetros, para afectar las operaciones de usuarios válidos. Esto afecta a: • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016764 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •