PT-2022-6685 · Spacelynk+1 · Spacelynk+2

Published: 2022-02-09
Updated: 2022-02-16
CVE-2022-22812

CVSS v2.0: 8.5 High
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

spaceLYnk versions 2.6.2 and prior
Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior
fellerLYnk versions 2.6.2 and prior

Description

A Cross-site Scripting issue exists, allowing an attacker to inject and execute arbitrary malicious JavaScript code inside the target browser, potentially compromising the web session. This is due to improper neutralization of input during web page generation. The vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For spaceLYnk versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
For Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
For fellerLYnk versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2023-03399
CVE-2022-22812

Affected Products

Wiser for KNX
fellerLYnk
spaceLYnk