Lucene search

[email protected]CVE-2022-40183

HistoryOct 27, 2022 - 5:15 p.m.

CVE-2022-40183

2022-10-2717:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-40183

url handler

videojet

multi 4000

cross site scripting

xss

security vulnerability

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user.

Affected configurations

NVD

Node

boschvideojet_multi_4000_firmwareRange≤6.31.0010

AND

boschvideojet_multi_4000Match-

CPENameOperatorVersion
bosch:videojet_multi_4000_firmwarebosch videojet multi 4000 firmwarele6.31.0010

CPE	Name	Operator	Version
bosch:videojet_multi_4000_firmware	bosch videojet multi 4000 firmware	le	6.31.0010

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "VIDEOJET multi 4000",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "6.31.0010",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html

Social References