CVE-2022-38814: XSS
First published: Thu Sep 15 2022(Updated: )
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fiberhome An5506-02-b Firmware | =rp2521 | |
| FiberHome AN5506-02-B |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-38814.
What is the severity of CVE-2022-38814?
The severity of CVE-2022-38814 is medium with a CVSS score of 5.4.
Which component of FiberHome AN5506-02-B vRP2521 is affected by CVE-2022-38814?
The auth_settings component of FiberHome AN5506-02-B vRP2521 is affected by CVE-2022-38814.
How does CVE-2022-38814 allow attackers to carry out the attack?
CVE-2022-38814 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the sncfg_loid text field.
Is FiberHome AN5506-02-B vulnerable to CVE-2022-38814?
No, FiberHome AN5506-02-B is not vulnerable to CVE-2022-38814.
Is there a fix available for CVE-2022-38814?
It is recommended to apply the latest firmware update provided by FiberHome to fix CVE-2022-38814.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fiberhome
- canonical/fiberhome an5506-02-b firmware
- version/fiberhome an5506-02-b firmware/rp2521
- canonical/fiberhome an5506-02-b