2 matches found
CVE-2022-21937
CVE-2022-21937 affects Johnson Controls Metasys ADS/ADX/OAS Servers (versions 10 prior to 10.1.5 and 11 prior to 11.0.2). The issue is an improper neutralization of input during web page generation (cross-site scripting), enabling injection and storage of malicious code into the web interface. Th...
CVE-2022-21937 Metasys CSS
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface...