exploitDog

CVE-2022-22804

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07
Patch
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:*

Версия до 2020 (включая)

EPSS

Процентиль: 66%

0.00504

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m9fg-jg2j-wc72

github

почти 4 года назад

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

EPSS

Процентиль: 66%

0.00504

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79