CVE-2022-40184 MEDIUM

CVE-2022-40184: Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000

Vendor Bosch

Product VIDEOJET multi 4000

Weakness CWE-79 · XSS

Published October 27, 2022

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.

Key dates

02Disclosure timeline

October 27, 2022 CVE published

May 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40184 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-40184

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions