6.1
CVE-2022-3073
- EPSS 0.12%
- Published 14.12.2022 09:15:09
- Last modified 21.11.2024 07:18:46
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
Data is provided by the National Vulnerability Database (NVD)
Weidmueller ≫ 19 Iot Md01 Lan H4 S0011 Firmware Version-
Weidmueller ≫ Fp Iot Md01 4eu S2 00000 Firmware Version-
Weidmueller ≫ Fp Iot Md01 Lan S2 00000 Firmware Version-
Weidmueller ≫ Fp Iot Md01 Lan S2 00011 Firmware Version-
Weidmueller ≫ Fp Iot Md02 4eu S3 00000 Firmware Version-
Weidmueller ≫ Iot-gw30 Firmware Version <= 1.16.0
Weidmueller ≫ Iot-gw30-4g-eu Firmware Version <= 1.16.0
Weidmueller ≫ Uc20-wl2000-ac Firmware Version <= 1.16.0
Weidmueller ≫ Uc20-wl2000-iot Firmware Version <= 1.16.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.314 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| info@cert.vde.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.