CVE-2022-42974 | Kostal PIKO 1.5-1 file.bootloader.upload.html innerHTML filename cross site scripting

Inserito da Angelo Barbosa | Giu 22, 2024 | CVE

A vulnerability was found in Kostal PIKO 1.5-1. It has been classified as problematic. Affected is the function innerHTML of the file /file.bootloader.upload.html. The manipulation of the argument filename leads to cross site scripting.

This vulnerability is traded as CVE-2022-42974. It is possible to launch the attack remotely. There is no exploit available.

CVE-2022-42974 | Kostal PIKO 1.5-1 file.bootloader.upload.html innerHTML filename cross site scripting

Post correlati

CVE-2023-6950 | DJI Mini 3 Pro prior 01.00.1200 FTP SIZE Command denial of service

CVE-2024-35691 | Marketing Fire Widget Options Plugin up to 5.1.0 on WordPress information disclosure

CVE-2024-0259 | Fortra Robot Schedule Enterprise Agent up to 3.03 on Windows default permission

CVE-2024-48769 | BURG-WCHTER de.burgwachter.keyapp.app 4.5.0 Firmware Update information disclosure