Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| weidmueller | 19_iot_md01_lan_h4_s0011_firmware | - | - |
| weidmueller | fp_iot_md01_4eu_s2_00000_firmware | - | - |
| weidmueller | fp_iot_md01_lan_s2_00000_firmware |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
9
Affected Products
2
References
weidmueller / 19_iot_md01_lan_h4_s0011_firmware
| - |
| - |
| weidmueller | fp_iot_md01_lan_s2_00011_firmware | - | - |
| weidmueller | fp_iot_md02_4eu_s3_00000_firmware | - | - |
| weidmueller | iot-gw30_firmware | 1.16.0 | - |
| weidmueller | iot-gw30-4g-eu_firmware | 1.16.0 | - |
| weidmueller | uc20-wl2000-ac_firmware | 1.16.0 | - |
| weidmueller | uc20-wl2000-iot_firmware | 1.16.0 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability
Impact