← Zuruck zu CVEs
CVE-2022-3073
MEDIUM6.1
Beschreibung
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht12/14/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
weidmueller:19_iot_md01_lan_h4_s0011weidmueller:19_iot_md01_lan_h4_s0011_firmwareweidmueller:fp_iot_md01_4eu_s2_00000weidmueller:fp_iot_md01_4eu_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00000weidmueller:fp_iot_md01_lan_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00011weidmueller:fp_iot_md01_lan_s2_00011_firmwareweidmueller:fp_iot_md02_4eu_s3_00000weidmueller:fp_iot_md02_4eu_s3_00000_firmwareweidmueller:iot-gw30weidmueller:iot-gw30-4g-euweidmueller:iot-gw30-4g-eu_firmwareweidmueller:iot-gw30_firmwareweidmueller:uc20-wl2000-acweidmueller:uc20-wl2000-ac_firmwareweidmueller:uc20-wl2000-iotweidmueller:uc20-wl2000-iot_firmware
Schwachen (CWE)
CWE-79
Referenzen
https://cert.vde.com/de/advisories/VDE-2022-056/(info@cert.vde.com)
https://cert.vde.com/de/advisories/VDE-2022-056/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.