CVE-2019-3414

Published: Jul 22, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen.

Vendor	Product	Versions
ZTE	OTCP	affected `< 1.19.20.02`

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010883

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3414

Description

Affected Products

References