CVE-2022-21238

Medium

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted…

talos·CWE-80·Published 2022-05-12

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

263 chars

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.

NVDen

263 chars

NVDes

321 chars

Se presenta una vulnerabilidad de tipo cross-site scripting (xss) en la funcionalidad info.jsp de InHand Networks InRouter302 versión V3.5.4. Una petición HTTP especialmente diseñada puede conllevar a una ejecución arbitraria de Javascript. Un atacante puede enviar una petición HTTP para desencadenar esta vulnerabilidad

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	cve.org	5.4	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N