Vulnerability Description
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siri-Informatica | Wi400 | >= 8.0, <= 11.0 |
Related Weaknesses (CWE)
References
- http://sipe.comBroken Link
- http://wi400.comProduct
- https://devisions.github.io/blog/cve-2022-48111ExploitThird Party Advisory
- https://labs.yarix.com/2023/02/siri-wi400-xss-on-login-page-cve-2022-48111/ExploitThird Party Advisory
- https://labs.yarix.com/advisories/CVE-2022-48111/Third Party Advisory
- http://sipe.comBroken Link
- http://wi400.comProduct
- https://devisions.github.io/blog/cve-2022-48111ExploitThird Party Advisory
- https://labs.yarix.com/2023/02/siri-wi400-xss-on-login-page-cve-2022-48111/ExploitThird Party Advisory
- https://labs.yarix.com/advisories/CVE-2022-48111/Third Party Advisory
FAQ
What is CVE-2022-48111?
CVE-2022-48111 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted pay...
How severe is CVE-2022-48111?
CVE-2022-48111 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48111?
Check the references section above for vendor advisories and patch information. Affected products include: Siri-Informatica Wi400.