A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2022-03-08T11:31:11
Updated: 2024-08-04T03:15:28.699Z
Reserved: 2021-09-21T00:00:00
Link: CVE-2021-41542
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-08T12:15:10.697
Modified: 2024-11-21T06:26:22.987
Link: CVE-2021-41542
Redhat
No data.