exploitDog

CVE-2022-40190

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 8.8

CVSS3: 9.6

EPSS Низкий

Описание

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-02
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:sauter-controls:moduweb_firmware:2.7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rc73-rxx3-qqfc

CVSS3: 9.6

github

больше 2 лет назад

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials.

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79