Skip to the content.

CVE-2023-22582

Reflected Cross-Site Scripting in Danfoss AK-EM100

CVE CVE-2023-22582
Title Reflected Cross-Site Scripting in Danfoss AK-EM100
Credits
Affected products
Product Affected Unaffected Unknown
Danfoss AK-EM100 = < 2.2.0.12 ()
everything else
CVSS Base score: 9 (CRITICAL)
References
Problem type(s) CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Date published
Last modified 11 Jun 2023 13:17 UTC

Description

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

Workaround(s)

The AK-EM100 has been declared End of Life (EOL). Danfoss advises phasing out this type of device.


JSON version.