Vulnerability Description
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gavazziautomation | Cpy Car Park Server | < 2.8.3 |
| Gavazziautomation | Uwp 3.0 Monitoring Gateway And Controller Firmware | < 8.5.0.3 |
| Gavazziautomation | Uwp 3.0 Monitoring Gateway And Controller | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-029/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2022-029/Third Party Advisory
FAQ
What is CVE-2022-28816?
CVE-2022-28816 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
How severe is CVE-2022-28816?
CVE-2022-28816 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-28816?
Check the references section above for vendor advisories and patch information. Affected products include: Gavazziautomation Cpy Car Park Server, Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller Firmware, Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller.