CVE-2022-35612

Name of the Vulnerable Software and Affected Versions MQTTRoute versions 3.3 and below

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.

Recommendations For versions 3.3 and below, consider disabling the dashboard name text field until a patch is available to prevent exploitation. Restrict access to the dashboard to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.