CVE-2021-23228 HIGH

CVE-2021-23228: Delta Electronics DIAEnergie (Update A)

Vendor Delta Electronics

Product DIAEnergie

Weakness CWE-79 · XSS

Published December 22, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

Key dates

02Disclosure timeline

December 22, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-23228

Related vulnerabilities

04Related CVE

CVE-2024-20269 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability CVE-2025-67960 WordPress WorkScout-Core plugin <= 1.7.06 - Cross Site Scripting (XSS) vulnerability CVE-2025-66090 WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-2492 PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget CVE-2025-30808 WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability