CVE-2022-45087

Name of the Vulnerable Software and Affected Versions Smartpower Web versions prior to 23.01.01

Description The issue affects Smartpower Web, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. This enables attackers to inject malicious scripts into web pages.

Recommendations For versions prior to 23.01.01, update to version 23.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive web pages and input fields to minimize the risk of exploitation. Avoid using user-supplied input in the generation of web pages until the issue is resolved.