resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,
References
| Link | Resource |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
| https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring | Product |
| https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
| https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring | Product |
Configurations
History
21 Nov 2024, 06:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.gruppotim.it/it/footer/red-team.html - Third Party Advisory | |
| References | () https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring - Product |
Information
Published : 2022-06-02 14:15
Updated : 2024-11-21 06:59
NVD link : CVE-2022-29540
Mitre link : CVE-2022-29540
CVE.ORG link : CVE-2022-29540
JSON object : View
Products Affected
resi
- gemini-net
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')