CVE-2022-3073: Quaonos Schema ST4 example templates prone to XSS
First published: Wed Dec 14 2022(Updated: )
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware | ||
| Weidmueller 19 Iot Md01 Lan H4 S0011 | ||
| Weidmueller Fp Iot Md01 4eu S2 00000 Firmware | ||
| Weidmueller Fp Iot Md01 4eu S2 00000 | ||
| Weidmueller Fp Iot Md01 Lan S2 00000 Firmware | ||
| Weidmueller Fp Iot Md01 Lan S2 00000 | ||
| Weidmueller Fp Iot Md01 Lan S2 00011 Firmware | ||
| Weidmueller Fp Iot Md01 Lan S2 00011 | ||
| Weidmueller Fp Iot Md02 4eu S3 00000 Firmware | ||
| Weidmueller Fp Iot Md02 4eu S3 00000 | ||
| Weidmueller Iot-gw30 Firmware | <=1.16.0 | |
| Weidmueller Iot-gw30 | ||
| Weidmueller Iot-gw30-4g-eu Firmware | <=1.16.0 | |
| Weidmueller Iot-gw30-4g-eu | ||
| Weidmueller Uc20-wl2000-ac Firmware | <=1.16.0 | |
| Weidmueller Uc20-wl2000-ac | ||
| Weidmueller Uc20-wl2000-iot Firmware | <=1.16.0 | |
| Weidmueller Uc20-wl2000-iot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-3073.
What is the severity of CVE-2022-3073?
The severity of CVE-2022-3073 is medium.
What is the affected software of CVE-2022-3073?
The affected software of CVE-2022-3073 includes Quanos SCHEMA ST4 example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below.
What is the impact of CVE-2022-3073?
CVE-2022-3073 allows a remote attacker to hijack existing sessions or execute scripts in the user's browser environment.
How can I fix CVE-2022-3073?
To fix CVE-2022-3073, it is recommended to update the Quanos SCHEMA ST4 example web templates to a version above Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/weidmueller
- canonical/weidmueller 19 iot md01 lan h4 s0011 firmware
- canonical/weidmueller 19 iot md01 lan h4 s0011
- canonical/weidmueller fp iot md01 4eu s2 00000 firmware
- canonical/weidmueller fp iot md01 4eu s2 00000
- canonical/weidmueller fp iot md01 lan s2 00000 firmware
- canonical/weidmueller fp iot md01 lan s2 00000
- canonical/weidmueller fp iot md01 lan s2 00011 firmware
- canonical/weidmueller fp iot md01 lan s2 00011
- canonical/weidmueller fp iot md02 4eu s3 00000 firmware
- canonical/weidmueller fp iot md02 4eu s3 00000
- canonical/weidmueller iot-gw30 firmware
- version/weidmueller iot-gw30 firmware/1.16.0
- canonical/weidmueller iot-gw30
- canonical/weidmueller iot-gw30-4g-eu firmware
- version/weidmueller iot-gw30-4g-eu firmware/1.16.0
- canonical/weidmueller iot-gw30-4g-eu
- canonical/weidmueller uc20-wl2000-ac firmware
- version/weidmueller uc20-wl2000-ac firmware/1.16.0
- canonical/weidmueller uc20-wl2000-ac
- canonical/weidmueller uc20-wl2000-iot firmware
- version/weidmueller uc20-wl2000-iot firmware/1.16.0
- canonical/weidmueller uc20-wl2000-iot