CVE-2022-36325

Medium

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated…

siemens·CWE-80·Published 2022-08-10

CVSS

4.8

EPSS

0.01

KEV

Exploits

cve.orgen

227 chars

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

NVDen

227 chars

NVDes

256 chars

Los dispositivos afectados no sanean correctamente los datos introducidos por un usuario al renderizar la interfaz web. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código y llevar a un XSS basado en el DOM

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
3.1	Primary	cve.org	6.8	—	—