PT-2023-1304 · Moxa · Moxa SDS-3008 Series Industrial Ethernet Switch
Patrick Desantis · Published 2023-02-02 · Updated 2023-02-15 · CVE-2022-41313
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1
Description
A stored cross-site scripting issue exists in the web application functionality, allowing arbitrary JavaScript execution through a specially crafted HTTP request. The vulnerability is related to insufficient protection of the web page structure when handling the Contact Information field in the Switch Information section. An attacker can exploit this by sending an HTTP request, potentially leading to the execution of arbitrary JavaScript code. The form field id="switch contact" is specifically mentioned as being involved in this issue.
Recommendations
For Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1, consider disabling the web application functionality or restricting access to the Switch Information section until a patch is available. As a temporary workaround, avoid using the form field id="switch contact" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Moxa SDS-3008 Series Industrial Ethernet Switch