CVE-2023-41781

Summary

There is a Cross-site scripting (XSS)  vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

Affected Software

VendorProductVersion RangeStatus
ZTEMF258ZTE_STD_V1.0.0B08 <= ZTE_STD_V1.0.0B10affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References