MEDIUM✓ PATCH🇬🇧 English

CVE-2022-41313

CVSS 5.4v3.1pub. 2023-02-07upd. 2025-11-04

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact"

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Moxa Sds 3008

    HW
    Moxa
    wszystkie wersje
  • Moxa Sds 3008 Firmware

    OS
    Moxa
    ≤ 2.1
  • Moxa Sds 3008 T

    HW
    Moxa
    wszystkie wersje
  • Moxa Sds 3008 T Firmware

    OS
    Moxa
    ≤ 2.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-40224HIGH7.5ten sam produkt

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Et...

CVE-2022-40693HIGH7.5ten sam produkt

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Ind...

CVE-2022-40691MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series In...

CVE-2022-41311MEDIUM5.4ten sam produkt

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Serie...

CVE-2022-41312MEDIUM5.4ten sam produkt

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Serie...

CVE-2022-41313 — MEDIUM 5.4 | CVEbaza.pl