1 results (0.001 seconds)

CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. Varias páginas de configuración del dispositivo son vulnerables a ataques de tipo XSS (Cross-Site Scripting) reflejados. Un atacante autorizado con privilegios de usuario puede usar esto para conseguir acceso a información confidencial en un PC que sea conectado al WBM después de haber sido comprometido • https://cert.vde.com/en/advisories/VDE-2022-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •