https://www.exploit-db.com/exploits/23527
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-353

ZyWALL104.07版本的web管理接口存在跨站脚本（XSS）漏洞。远程攻击者可以借助rpAuth_1页注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/9373/info

ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</script>

来源:XF
名称:zywall-xss(14163)
链接:http://xforce.iss.net/xforce/xfdb/14163
来源:BID
名称:9373
链接:http://www.securityfocus.com/bid/9373
来源:BUGTRAQ
名称:20040106ZyXEL10OFZyWALLSeriesRouterCrossSiteScriptingVulnerabillity
链接:http://www.securityfocus.com/archive/1/349085
来源:OSVDB
名称:3443
链接:http://www.osvdb.org/3443
来源:SECTRACK
名称:1008644
链接:http://securitytracker.com/id?1008644
来源:OSVDB
名称:12793
链接:http://www.osvdb.org/12793
来源:SECUNIA
名称:10574
链接:http://secunia.com/advisories/10574