Skip to the content.

CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100

CVE CVE-2023-22585
Discovered by
  • Jony Schats and Stan Plasmeijer (HackDefense)
Credits
Affected products
Product Affected Unaffected Unknown
Danfoss AK-EM 100 = < 2.2.0.12
everything else
Page author Max van der Horst
CVSS Base score: 9 (CRITICAL)
References
Problem type(s) CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Last modified 25 May 2023 17:55

Description

The Danfoss AK-EM 100 web applications allow for Reflected Cross-Site Scripting in the title parameter.


JSON version