CVE-2022-43376
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/04/2023
Last modified:
25/04/2023
Description
<br />
<br />
<br />
A CWE-79: Improper Neutralization of Input During Web Page Generation (&#39;Cross-site<br />
Scripting&#39;) vulnerability exists that could cause code and session manipulation when malicious<br />
code is inserted into the browser.<br />
<br />
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0<br />
<br />
and prior)
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:netbotz_355_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.7.0 (including) |
| cpe:2.3:h:schneider-electric:netbotz_355:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:netbotz_450_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.7.0 (including) |
| cpe:2.3:h:schneider-electric:netbotz_450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:netbotz_455_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.7.0 (including) |
| cpe:2.3:h:schneider-electric:netbotz_455:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:netbotz_550_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.7.0 (including) |
| cpe:2.3:h:schneider-electric:netbotz_550:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:netbotz_570_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.7.0 (including) |
| cpe:2.3:h:schneider-electric:netbotz_570:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page