{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3073", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "requesterUserId": "267706bf-c75a-4dca-aafe-11e4a82952d7", "dateReserved": "2022-09-01T06:57:09.197Z", "datePublished": "2022-12-14T08:17:08.816Z", "dateUpdated": "2024-08-03T01:00:10.683Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Bootstrap 2019"], "product": "Schema ST4 example web templates", "vendor": "Quanos", "versions": [{"lessThanOrEqual": "2", "status": "affected", "version": "1", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["Bootstrap 2022", "Bootstrap 2022 SP1", "Bootstrap 2021"], "product": "Schema ST4 example web templates", "vendor": "Quanos", "versions": [{"status": "affected", "version": "1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Quanos \"SCHEMA ST4\" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'."}], "value": "Quanos \"SCHEMA ST4\" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2022-12-14T08:17:08.816Z"}, "references": [{"url": "https://cert.vde.com/de/advisories/VDE-2022-056/"}], "source": {"advisory": "VDE-2022-056", "defect": ["CERT@VDE#64172"], "discovery": "UNKNOWN"}, "title": "Quaonos Schema ST4 example templates prone to XSS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.683Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/de/advisories/VDE-2022-056/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "569CCEC3-FD10-4CE3-8B5C-AA63644AACD9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5AB2397-1F99-4AE1-B7C6-26302A655126", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B41A83B-82CB-461D-82B8-CF498E009AB0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "74320E31-A4A1-4225-A824-E631DD4AF03D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D503892C-05EE-4CA4-AFD0-5351D0FFA34E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D83BF8B-3E58-45E1-AF9D-1BBA686FDF71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BE20F9E-D1C2-41DF-B1C4-D3A6980FF116", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC9BF29F-A06C-4351-8387-6683DD54C585", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A64FCB4-25DD-42D8-A917-DA8CDFCD01E7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1960C0B-03ED-4ADF-90D7-01E011A4A295", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC22126E-97A4-402E-B272-5ED394EC49BA", "versionEndIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:*", "matchCriteriaId": "B247B94B-4845-4FCC-81E1-4880A7B2B0FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC118184-9A46-407F-AB65-1E8CB53929D1", "versionEndIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BD44BDA-E67A-4088-AF77-55C0BEC5782B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCC60AC7-5AFA-4135-803B-1592A83FF57C", "versionEndIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD85D18-1A66-487D-80B3-C5E1285685DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8805CF5B-BB2C-497D-9033-03F0A580FAE1", "versionEndIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B98578B6-9F39-4616-A240-0A09832A0A92", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Quanos \"SCHEMA ST4\" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'."}, {"lang": "es", "value": "Las plantillas web de ejemplo \"SCHEMA ST4\" de Quanos en la versi\u00f3n Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 o inferior son propensas a la inyecci\u00f3n de JavaScript, lo que permite a un atacante remoto secuestrar sesiones existentes para, por ejemplo, otros servicios web en el mismo entorno o ejecutar scripts. en el entorno del navegador de los usuarios. El script afectado es '*-schema.js'."}], "id": "CVE-2022-3073", "lastModified": "2022-12-16T17:43:10.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2022-12-14T09:15:09.163", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/de/advisories/VDE-2022-056/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}