CVE-2022-2140 HIGH

CVE-2022-2140: Elcomplus SmartICS Cross-site Scripting

Vendor Elcomplus

Product SmartICS

Weakness CWE-79 · XSS

Published June 27, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.

Key dates

02Disclosure timeline

June 27, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2140 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-21259 Stored XSS in slide mode CVE-2022-45812 WordPress Exxp Plugin <= 2.6.8 is vulnerable to Cross Site Scripting (XSS) CVE-2023-26536 WordPress Sp*tify Play Button for WordPress Plugin <= 2.05 is vulnerable to Cross Site Scripting (XSS) CVE-2024-49693 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06