CVE-2022-41311

Name of the Vulnerable Software and Affected Versions Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1

Description A stored cross-site scripting issue exists in the web application functionality. This can be triggered by a specially-crafted HTTP request, leading to arbitrary Javascript execution. The vulnerability is related to insufficient protection of the web page structure when handling the Switch Location field in the Switch Information section. An attacker can exploit this by sending a crafted HTTP request. The form field webLocationMessage text is specifically mentioned as being involved.

Recommendations For Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1, consider disabling the web application functionality or restricting access to the Switch Information section until a patch is available. Avoid using the webLocationMessage text form field in the affected web application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.