Vulnerability CVE-2022-36325

Vulnerability CVE-2022-36325

Published: 2022-08-10

Description:

A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

Type:

CWE-80

(Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))

References:

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Copyright 2024, cxsecurity.com