CVE-2022-48111

Name of the Vulnerable Software and Affected Versions SIPE s.r.l WI400 versions 8 through 11

Description A cross-site scripting (XSS) issue in the check login function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. This enables the execution of malicious code, potentially leading to unauthorized access or data theft.

Recommendations For SIPE s.r.l WI400 versions 8 through 11, consider disabling the check login function until a patch is available to prevent exploitation. Restrict access to the f parameter in affected API endpoints to minimize the risk of arbitrary code execution.