CVE-2021-21738: XSS
First published: Thu Aug 05 2021(Updated: )
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxiptv Firmware | =zxiptv-eas_pv5.06.04.09 | |
| Zte Zxiptv |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21738?
CVE-2021-21738 is a vulnerability in ZTE's big video business platform that allows for two reflective cross-site scripting (XSS) attacks.
How does CVE-2021-21738 affect users?
The vulnerability allows attackers to perform XSS attacks by tampering with parameters, potentially impacting the operations of legitimate users.
Which software versions are affected by CVE-2021-21738?
The vulnerability affects ZTE ZXIPTV-EAS_PV5.06.04.09 firmware.
What is the severity of CVE-2021-21738?
The severity of CVE-2021-21738 is medium, with a CVSS score of 6.1.
How can I fix CVE-2021-21738?
To fix CVE-2021-21738, users should apply the necessary patch or update provided by ZTE to address the XSS vulnerabilities.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/zte
- canonical/zte zxiptv firmware
- version/zte zxiptv firmware/zxiptv-eas_pv5.06.04.09
- canonical/zte zxiptv