CVE-2022-28717

Name of the Vulnerable Software and Affected Versions Rebooter(WATCH BOOT nino RPC-M2C) versions 1.00A through 1.00D Rebooter(WATCH BOOT light RPC-M5C) all firmware versions Rebooter(WATCH BOOT L-zero RPC-M4L) all firmware versions Rebooter(WATCH BOOT mini RPC-M4H) all firmware versions Rebooter(WATCH BOOT nino RPC-M2CS) versions 1.00A through 1.00D Rebooter(WATCH BOOT light RPC-M5CS) versions 1.00A through 1.00D Rebooter(WATCH BOOT L-zero RPC-M4LS) versions 1.00A through 1.20A Rebooter(Signage Rebooter RPC-M4HSi) version 1.00A PoE Rebooter(PoE BOOT nino PoE8M2) versions 1.00A through 1.20A Scheduler(TIME BOOT mini RSC-MT4H) all firmware versions Scheduler(TIME BOOT RSC-MT8F) all firmware versions Scheduler(TIME BOOT RSC-MT8FP) all firmware versions Scheduler(TIME BOOT mini RSC-MT4HS) versions 1.00A through 1.10A Scheduler(TIME BOOT RSC-MT8FS) versions 1.00A through 1.00E Contact Converter(POSE SE10-8A7B1) versions 1.00A through 1.20A

Description A cross-site scripting issue allows a remote attacker with administrative privileges to inject an arbitrary script via unspecified vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.