CVE-2021-22723

🗓️ 21 Jul 2021 10:43:10Reported by schneiderType

A Cross-site Scripting vulnerability (CVE-2021-22723) allows attacker to carry out actions on behalf of the user in Schneider Electric EVlink products

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	Vulnerability of EVlink City’s parking charging station software. EVlink Parking and EVlink Smart Wallbox are vulnerable due to the lack of measures taken to protect the website structure, allowing attackers to impersonate users who control the charging stations through cross-site scripting.	20 Apr 202300:00	–	bdu_fstec
CNNVD	EVlink City、EVlink Parking 跨站脚本漏洞	21 Jul 202100:00	–	cnnvd
CNVD	EVlink City, EVlink Parking, EVlink Smart Wallbox Cross-Site Scripting Vulnerability (CNVD-2021-62162)	26 Jul 202100:00	–	cnvd
CVE	CVE-2021-22723	21 Jul 202110:43	–	cve
EUVD	EUVD-2021-9858	3 Oct 202520:07	–	euvd
NVD	CVE-2021-22723	21 Jul 202115:15	–	nvd
OSV	CVE-2021-22723	21 Jul 202115:15	–	osv
Prion	Cross site request forgery (csrf)	21 Jul 202115:15	–	prion
RedhatCVE	CVE-2021-22723	9 Jan 202611:22	–	redhatcve

[
  {
    "product": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

21 Jul 2021 10:43Current

6.6Medium risk

Vulners AI Score6.6

EPSS0.00751

CWE-79