Lucene search

BoschCVELIST:CVE-2022-40183

HistoryOct 27, 2022 - 12:00 a.m.

CVE-2022-40183 Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000

2022-10-2700:00:00

CWE-79

bosch

www.cve.org

cve-2022-40183

reflected cross site scripting

videojet

url handler

web-based interface

javascript code

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

31.5%

JSON

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user.

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "VIDEOJET multi 4000",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "6.31.0010",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html