CVE-2021-20994

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 39.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 0852-0303 Wago 0852-1305 Wago 0852-1305/000-001 +7 more

Timeline

PublishedMay 13

Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5wago/0852-0303unspecified — V1.2.3.S0

▶CVEListV5wago/0852-1305unspecified — V1.1.7.S0

▶CVEListV5wago/0852-1505unspecified — V1.1.6.S0

▶CVEListV5wago/0852-1305/000-001unspecified — V1.0.4.S0

▶CVEListV5wago/0852-1505/000-001unspecified — V1.0.4.S0

🔴Vulnerability Details

GHSA

GHSA-pvcx-jpfw-6gm6: In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code i↗2022-05-24

▶

CVEList

WAGO: Managed Switches: Reflected Cross-site Scripting↗2021-05-13

▶