Werk #9523: Reflected Cross Site Scripting (XSS)
Component | Firmware |
Title | Reflected Cross Site Scripting (XSS) |
Date | Apr 4, 2023 |
Level | Trivial Change |
Class | Bug Fix |
Compatibility | Compatible - no manual interaction needed |
Appliance Version | 1.6.4 |
Prior to this Werk, an attacker could send malicious links to unsuspecting users in order to inject malicious HTML code into the user's browser.
This vulnerability was identified through a commissioned penetration test conducted by OPTIMAbit (Roman Mueller).
Vulnerability Management: We have rated the issue with a CVSS Score of 6.1 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. We assigned CVE-2023-22309 to this vulnerability.
Changes: This Werk adds escaping to URL parameter keys.
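The class of fix described under Changes, shown as an added example (not the appliance's own code). It assumes a hypothetical handler that echoes the request's query parameters back as hidden form fields; the function names and the sample query string are constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qsl


def render_hidden_fields_unsafe(query_string: str) -> str:
    """'Before' form: parameter values are escaped, parameter keys are not."""
    fields = []
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        # The key is attacker-controlled too, but lands in the attribute raw.
        fields.append(
            f'<input type="hidden" name="{key}" '
            f'value="{escape(value, quote=True)}">'
        )
    return "\n".join(fields)


def render_hidden_fields_safe(query_string: str) -> str:
    """'After' form: both key and value are escaped for an attribute context."""
    fields = []
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        fields.append(
            f'<input type="hidden" name="{escape(key, quote=True)}" '
            f'value="{escape(value, quote=True)}">'
        )
    return "\n".join(fields)


# Constructed sample: the second parameter's *key* decodes to
# '"><b>injected</b>', harmless markup that makes the break-out visible.
SAMPLE_QUERY = "host=srv01&%22%3E%3Cb%3Einjected%3C%2Fb%3E=1"

if __name__ == "__main__":
    print("unsafe:\n" + render_hidden_fields_unsafe(SAMPLE_QUERY))
    print("safe:\n" + render_hidden_fields_safe(SAMPLE_QUERY))
```

A regression test for this kind of fix should put markup in parameter names as well as values, since value-only test cases pass against the unescaped-key version.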