Lucene search

TalosCVELIST:CVE-2022-41313

HistoryFeb 07, 2023 - 4:52 p.m.

CVE-2022-41313

2023-02-0716:52:03

CWE-79

talos

www.cve.org

cross-site scripting

moxa sds-3008

industrial ethernet switch

http request

javascript execution

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

18.8%

JSON

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=“switch_contact”

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "SDS-3008 Series Industrial Ethernet Switch",
    "versions": [
      {
        "version": "2.1",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1619

www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities