CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf Mitigation Vendor Advisory
Configurations

Configuration 1


Information

Published : 2022-08-10 12:15

Updated : 2023-02-23 04:18


NVD link : CVE-2022-36325

Mitre link : CVE-2022-36325

Products Affected
CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)