GHSA-9r25-j996-8h38

Опубликовано: 11 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

Ссылки

EPSS

Процентиль: 52%

0.00287

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-36325

Дефекты

CWE-79

CWE-80

Связанные уязвимости

CVE-2022-36325

CVSS3: 6.8

nvd

больше 3 лет назад

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

BDU:2022-04990

CVSS3: 6.8

fstec

больше 3 лет назад

Уязвимость программно-аппаратного обеспечения Siemens, связанная с непринятием мер по нейтрализации script-related тэгов HTML на веб-странице, позволяющая нарушителю осуществить межсайтовые сценарные атаки

EPSS

Процентиль: 52%

0.00287

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-36325

Дефекты

CWE-79

CWE-80