CVE-2021-35030
https://notcve.org/view.php?id=CVE-2021-35030
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet. Se ha encontrado una vulnerabilidad en el programa CGI de Zyxel GS1900-8 versión del firmware V2.60, que no esterilizaba apropiadamente el contenido de los paquetes y podía permitir a un usuario local autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) por medio de un paquete LLDP diseñado • https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •