CVE-2022-23397

Name of the Vulnerable Software and Affected Versions Cedar Gate EZ-NET portal versions 6.5.5 through 6.8.0

Description The issue arises from a call to display messages to users that does not properly sanitize data sent through a URL parameter, leading to a Reflected Cross-Site Scripting vulnerability. The vendor disputes this vulnerability due to a lack of clear steps for reproduction.

Recommendations For versions 6.5.5 through 6.8.0, consider disabling the functionality that displays messages to users until a proper fix is implemented to sanitize the URL parameter. Restrict access to the vulnerable URL parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.