PT-2023-1305 · Moxa · Moxa Sds-3008 Series Industrial Ethernet Switch

Patrick Desantis · Published 2023-02-02 · Updated 2023-02-15 · CVE-2022-41312

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1

Description

A stored cross-site scripting issue exists in the web application functionality, allowing arbitrary JavaScript execution through a specially-crafted HTTP request. The vulnerability is related to insufficient protection of the web page structure when handling the switch description field in the Switch Information section. An attacker can exploit this by sending an HTTP request to trigger the issue, potentially leading to the execution of arbitrary JavaScript code. The form field with id="Switch Description" and name="switch description" is specifically implicated.

Recommendations

For Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1, consider disabling the web application functionality or restricting access to the Switch Information section until a patch is available. As a temporary workaround, avoid using the switch description field in the affected form until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

BDU:2023-00583
CVE-2022-41312

Affected products

Moxa Sds-3008 Series Industrial Ethernet Switch