5.4
CVE-2022-41311
- EPSS 1.05%
- Veröffentlicht 07.02.2023 17:15:10
- Zuletzt bearbeitet 04.11.2025 20:16:11
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text"
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moxa ≫ Sds-3008 Firmware Version <= 2.1
Moxa ≫ Sds-3008-t Firmware Version <= 2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.772 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| talos-cna@cisco.com | 4.3 | 0.9 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.