Vulnerability Details : CVE-2022-28816
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2022-28816
- cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*
  When used together with: Gavazziautomation » Uwp 3.0 Monitoring Gateway And Controller » Version: N/A
- Gavazziautomation » Uwp 3.0 Monitoring Gateway And Controller Firmware » EDP Edition
  Versions before (<) 8.5.0.3
  cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*
  When used together with: Gavazziautomation » Uwp 3.0 Monitoring Gateway And Controller » Version: N/A EDP Edition
- Gavazziautomation » Uwp 3.0 Monitoring Gateway And Controller Firmware » Security Enhanced Edition
  Versions before (<) 8.5.0.3
  cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*
  When used together with: Gavazziautomation » Uwp 3.0 Monitoring Gateway And Controller » Version: N/A Security Enhanced Edition
- cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-28816
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 30 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-28816
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | CERT VDE | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2022-28816
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
  Assigned by:
  - info@cert.vde.com (Primary)
  - nvd@nist.gov (Secondary)
References for CVE-2022-28816
- https://cert.vde.com/en/advisories/VDE-2022-029/
  VDE-2022-029 | CERT@VDE (Third Party Advisory)