CVE-2022-42786
published 2022-11-10CVE-2022-42786: Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.43%
34.3th percentile
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wiesemann_theis | at-modem-emulator | >= 1.0 < 1.48 | 1.48 |
| wiesemann_theis | com-server | >= 1.0 < 1.48 | 1.48 |
| wiesemann_theis | com-server_20ma | >= 1.0 < 1.48 | 1.48 |
| wiesemann_theis | com-server_highspeed_100basefx | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_100baselx | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_19_1port | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_19_4port | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_compact | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_industry | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_isolated | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_oem | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_office_1_port | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_office_4_port | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_highspeed_poe | >= 1.0 < 1.76 | 1.76 |
| wiesemann_theis | com-server_lc | >= 1.0 < 1.48 | 1.48 |
| wiesemann_theis | com-server_poe_3_x_isolated | >= 1.0 < 1.48 | 1.48 |
| wiesemann_theis | com-server_ul | >= 1.0 < 1.48 | 1.48 |
| wut | at-modem-emulator_firmware | < 1.48 | 1.48 |
| wut | com-server_+_+_firmware | < 1.48 | 1.48 |
| wut | com-server_20ma_firmware | < 1.48 | 1.48 |
| wut | com-server_highspeed_100basefx_firmware | < 1.76 | 1.76 |
| wut | com-server_highspeed_100baselx_firmware | < 1.76 | 1.76 |
| wut | com-server_highspeed_19_1port_firmware | < 1.76 | 1.76 |
| wut | com-server_highspeed_19_4port_firmware | < 1.76 | 1.76 |
| wut | com-server_highspeed_compact_firmware | < 1.76 | 1.76 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-10
Published