← Volver a CVEs
CVE-2022-3073
MEDIUM6.1
Descripcion
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado12/14/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
weidmueller:19_iot_md01_lan_h4_s0011weidmueller:19_iot_md01_lan_h4_s0011_firmwareweidmueller:fp_iot_md01_4eu_s2_00000weidmueller:fp_iot_md01_4eu_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00000weidmueller:fp_iot_md01_lan_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00011weidmueller:fp_iot_md01_lan_s2_00011_firmwareweidmueller:fp_iot_md02_4eu_s3_00000weidmueller:fp_iot_md02_4eu_s3_00000_firmwareweidmueller:iot-gw30weidmueller:iot-gw30-4g-euweidmueller:iot-gw30-4g-eu_firmwareweidmueller:iot-gw30_firmwareweidmueller:uc20-wl2000-acweidmueller:uc20-wl2000-ac_firmwareweidmueller:uc20-wl2000-iotweidmueller:uc20-wl2000-iot_firmware
Debilidades (CWE)
CWE-79
Referencias
https://cert.vde.com/de/advisories/VDE-2022-056/(info@cert.vde.com)
https://cert.vde.com/de/advisories/VDE-2022-056/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.