CVSS: 6.1EPSS: 0%CPEs: 76EXPL: 0CVE-2023-49225
https://notcve.org/view.php?id=CVE-2023-49225
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. Existe una vulnerabilidad de Cross-Site-Scripting en los productos Ruckus Access Point (ZoneDirector, SmartZone y AP Solo). Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesión en el producto. • https://jvn.jp/en/jp/JVN45891816 https://support.ruckuswireless.com/security_bulletins/323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6230
https://notcve.org/view.php?id=CVE-2017-6230
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems. Ruckus Networks Solo APs, en versiones de firmware R110.x o anteriores y Ruckus Networks SZ managed APs, en versiones de firmware R5.x o anteriores, contienen inyección de comandos root autenticados en la interfaz gráfica de usuario web que podrían permitir que usuarios autenticados válidos ejecuten comandos privilegiados en los respectivos sistemas. • https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •