An XSS vulnerability in B&R Automation Runtime <=C4.9
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
 | CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime | 14 Feb 2023 14:25 | – | cvelist |
 | CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime | 14 Feb 2023 14:25 | – | vulnrichment |
 | B&R Systems Diagnostics Manager Cross Site Scripting | 15 Feb 2023 00:00 | – | packetstorm |
 | Cross site scripting | 14 Feb 2023 15:15 | – | prion |
 | B&R Systems Diagnostics Manager | 29 Mar 2023 17:05 | – | ics |
 | CVE-2022-4286 | 14 Feb 2023 15:15 | – | nvd |
```json
[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "System Diagnostics Manager"
    ],
    "product": "B&R Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "C4.93",
        "status": "affected",
        "version": ">=3.00",
        "versionType": "custom"
      }
    ]
  }
]
```
Source | Link |
---|---|
br-automation | www.br-automation.com/downloads_br_productcatalogue/assets/1675607299099-en-original-1.0.pdf |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
service | query param | /sdm/cgiFileLoop.cgi | Reflected XSS vulnerability allowing execution of arbitrary JavaScript through crafted URL. | CWE-79 |
type | query param | /sdm/cgiFileLoop.cgi | Reflected XSS vulnerability allowing execution of arbitrary JavaScript through crafted URL. | CWE-79 |
scope | query param | /sdm/cgiFileLoop.cgi | Reflected XSS vulnerability allowing execution of arbitrary JavaScript through crafted URL. | CWE-79 |
module | query param | /sdm/cgiFileLoop.cgi | Reflected XSS vulnerability allowing execution of arbitrary JavaScript through crafted URL. | CWE-79 |
option | query param | /sdm/cgiFileLoop.cgi | Reflected XSS vulnerability allowing execution of arbitrary JavaScript through crafted URL. | CWE-79 |
type | query param | /sdm/svg.cgi | Another reflected XSS vulnerability that allows execution of JavaScript in user's browser context. | CWE-79 |
index | query param | /sdm/svg.cgi | Another reflected XSS vulnerability that allows execution of JavaScript in user's browser context. | CWE-79 |