CVE-2023-41781
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 10, 2024
Updated: Jan 17, 2024
CWE ID 79
CWE ID 20
Summary
CVE-2023-41781 is a cross-site scripting (XSS) vulnerability affecting the ZTE MF258 device. Due to insufficient input validation in the SMS interface parameter, an attacker can inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. This issue poses a significant risk to users and requires an immediate patch or mitigation strategy.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- ZTE Corporation