CVE-2022-29732

Name of the Vulnerable Software and Affected Versions Delta Controls enteliTOUCH versions 3.33.4005, 3.40.3706, 3.40.3935

Description A cross-site scripting (XSS) issue was found, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload, specifically through the Username parameter.

Recommendations For versions 3.33.4005, 3.40.3706, and 3.40.3935, avoid using the Username parameter in a way that could introduce malicious input until a fix is available. As a temporary workaround, consider validating and sanitizing all input for the Username parameter to prevent XSS attacks.