CVE-2022-22812
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
09/02/2022
Last modified:
16/02/2022
Description
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:* | 2.6.2 (including) | |
| cpe:2.3:h:schneider-electric:spacelynk:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:* | 2.6.2 (including) | |
| cpe:2.3:h:schneider-electric:wiser_for_knx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:fellerlynk_firmware:*:*:*:*:*:*:*:* | 2.6.2 (including) | |
| cpe:2.3:h:schneider-electric:fellerlynk:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page