ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

IPCOMM ipDIO 跨站脚本漏洞

IPCOMM ipDIO是德国IPCOMM公司的一种遥控通信设备。用于记录数字和模拟输入并控制数字输出。 IPCOMM ipDIO 存在跨站脚本漏洞，该漏洞允许经过身份验证的远程攻击者通过将 XSS 有效负载注入特定字段来引入任意 JavaScript。当合法用户尝试上传、复制、下载或删除现有配置（管理服务）时，将执行 XSS 有效负载。

N/A

N/A