← Back to CVEs
CVE-2022-3073
MEDIUM6.1
Description
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
CVE Details
CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published12/14/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
weidmueller:19_iot_md01_lan_h4_s0011weidmueller:19_iot_md01_lan_h4_s0011_firmwareweidmueller:fp_iot_md01_4eu_s2_00000weidmueller:fp_iot_md01_4eu_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00000weidmueller:fp_iot_md01_lan_s2_00000_firmwareweidmueller:fp_iot_md01_lan_s2_00011weidmueller:fp_iot_md01_lan_s2_00011_firmwareweidmueller:fp_iot_md02_4eu_s3_00000weidmueller:fp_iot_md02_4eu_s3_00000_firmwareweidmueller:iot-gw30weidmueller:iot-gw30-4g-euweidmueller:iot-gw30-4g-eu_firmwareweidmueller:iot-gw30_firmwareweidmueller:uc20-wl2000-acweidmueller:uc20-wl2000-ac_firmwareweidmueller:uc20-wl2000-iotweidmueller:uc20-wl2000-iot_firmware
Weaknesses (CWE)
CWE-79
References
https://cert.vde.com/de/advisories/VDE-2022-056/(info@cert.vde.com)
https://cert.vde.com/de/advisories/VDE-2022-056/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.