CVE-2023-22582
Reflected Cross-Site Scripting in Danfoss AK-EM100
CVE | CVE-2023-22582 | |||||||||||
Title | Reflected Cross-Site Scripting in Danfoss AK-EM100 | |||||||||||
Credits |
|
|||||||||||
Affected products |
|
|||||||||||
CVSS |
Base score:
9
(CRITICAL) |
|||||||||||
References |
|
|||||||||||
Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||||||||
Date published | ||||||||||||
Last modified | 11 Jun 2023 13:17 UTC |
Description
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
Workaround(s)
The AK-EM100 has been declared End of Life (EOL). Danfoss advises phasing out this type of device.
JSON version.