Ipdio Firmware
CVE-2022-21146
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history.
AnalysisAI
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. Affected products include: Ipcomm Ipdio Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Ipdio Firmware
View allThe absence of filters when loading some sections in the web application of the vulnerable device allows attackers to in
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to in
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today