CVE-ID: CVE-2022-35137

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. The platform does not output-encode JavaScript payloads such as <script>alert(document.cookie)</script>. These are instances of stored XSS that can be abused to steal admin user cookies.
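
The missing output encoding described above, shown as an added example that is not DGIOT code or part of the original advisory: a stored value is rendered once without encoding and once with it. The record, its field names and the render functions are hypothetical; the sample value is the payload quoted in the advisory.

```javascript
// Added example; the record and render functions are hypothetical, not DGIOT code.
// Constructed sample: a stored value carrying the payload quoted in the advisory.
const storedRecord = {
  id: 7,
  name: '<script>alert(document.cookie)</script>',
};

// Characters that must be encoded before text is placed into HTML.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode a value for HTML element content or a quoted attribute value.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so the browser parses it as a script element when an admin views the page.
function renderRowUnsafe(record) {
  return `<tr><td title="${record.name}">${record.name}</td></tr>`;
}

// Hardened pattern: every stored value is encoded at output time,
// so the browser displays it as text instead of parsing it.
function renderRowSafe(record) {
  const name = encodeHtml(record.name);
  return `<tr><td title="${name}">${name}</td></tr>`;
}

// Regression check for a test suite: true when a stored value that contains
// HTML metacharacters appears verbatim (unencoded) in the rendered markup.
function containsRawMarkup(html, record) {
  return /[<>"']/.test(record.name) && html.includes(record.name);
}

console.log(renderRowUnsafe(storedRecord));
console.log(renderRowSafe(storedRecord));
```

This encoder covers HTML element content and quoted attribute values only; values placed inside script blocks, URLs or CSS need the encoding for that context.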


References:

https://owasp.org/www-community/attacks/xss/
