Ipdio Firmware
CVE-2022-24432
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).
AnalysisAI
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). Affected products include: Ipcomm Ipdio Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Ipdio Firmware
View allThe absence of filters when loading some sections in the web application of the vulnerable device allows attackers to in
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to in
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arb
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today