CVE-2022-41312 — Cross-site Scripting in Sds-3008-t Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

1.1%

top 22.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Sds-3008-t Firmware Moxa Sds-3008 Firmware Moxa Sds-3008 Series Industrial Ethernet Switch

Timeline

PublishedFeb 7

Description

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description"

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5moxa/sds-3008_series_industrial_ethernet_switch2.1

▶NVDmoxa/sds-3008_firmware2.1

▶NVDmoxa/sds-3008-t_firmware2.1

🔴Vulnerability Details

GHSA

GHSA-rhxp-9ff4-3fcp: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2↗2023-02-07

▶

CVEList

CVE-2022-41312: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2↗2023-02-07

▶