CVE-2022-23312

CVE-2022-23312

Vendor Siemens
Product Spectrum Power 4
Weakness CWE-79 · XSS
Published February 9, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link.

Key dates

02Disclosure timeline

February 9, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-24570 Statamic account takeover via XSS and password reset link CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode CVE-2021-26947 CVE-2024-41845 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-47227 WordPress Social Feed | All social media in one place Plugin <= 1.5.4.6 is vulnerable to Cross Site Scripting (XSS)