PT-2022-6691 · Siemens · Spectrum Power 4

Published: 2022-02-08 · Updated: 2022-02-18 · CVE-2022-23312

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Spectrum Power 4 versions prior to V4.70 SP9 Security Patch 1

Description: A Cross-Site Scripting (XSS) vulnerability has been identified in the integrated web application "Online Help" of the affected product. This issue could be exploited if unsuspecting users are tricked into accessing a malicious link, potentially allowing a remote attacker to perform cross-site scripting attacks. The vulnerability is related to the lack of protection of the web page structure.

Recommendations: For versions prior to V4.70 SP9 Security Patch 1, update to V4.70 SP9 Security Patch 1 to resolve the issue. As a temporary workaround, consider restricting access to the "Online Help" web application until the patch is applied. Avoid using links from untrusted sources to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-03418
CVE-2022-23312

Affected Products

Spectrum Power 4