Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 | Mitigation Third Party Advisory US Government Resource |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.5 |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 - Mitigation, Third Party Advisory, US Government Resource |
Information
Published : 2022-03-10 17:46
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24432
Mitre link : CVE-2022-24432
CVE.ORG link : CVE-2022-24432
JSON object : View
Products Affected
ipcomm
- ipdio
- ipdio_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')