Lucene search
HistoryOct 27, 2022 - 9:15 p.m.
CVE-2022-41555
cve-2022-41555
diaenergie
cross-site scripting
api
vulnerability
nvd
8.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
22.6%
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
Affected configurations
Node
deltawwdiaenergieRange<1.9.01.002
| CPE | Name | Operator | Version |
|---|---|---|---|
| deltaww:diaenergie | deltaww diaenergie | lt | 1.9.01.002 |
CNA Affected
[
{
"vendor": "Delta Electronics",
"product": "DIAEnergie",
"versions": [
{
"version": "All",
"status": "affected",
"lessThan": "v1.9.01.002",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-10-27 21:15:00
cvelist
cvelist
CVE-2022-41555 Delta Electronics DIAEnergie
2022-10-25 00:00:00
nvd
nvd
CVE-2022-41555
2022-10-27 21:15:15
ics
ics
Delta Electronics DIAEnergie (Update B)
2023-02-16 12:00:00
8.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
22.6%
Related for CVE-2022-41555