Vulnerability Details CVE-2022-48111
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.6%
CVSS Severity
CVSS v3 Score 6.1
References
- http://sipe.com
- http://wi400.com
- https://devisions.github.io/blog/cve-2022-48111
- https://labs.yarix.com/2023/02/siri-wi400-xss-on-login-page-cve-2022-48111/
- https://labs.yarix.com/advisories/CVE-2022-48111/
- http://sipe.com
- http://wi400.com
- https://devisions.github.io/blog/cve-2022-48111
- https://labs.yarix.com/2023/02/siri-wi400-xss-on-login-page-cve-2022-48111/
- https://labs.yarix.com/advisories/CVE-2022-48111/
Products affected by CVE-2022-48111
-
cpe:2.3:a:siri-informatica:wi400:11.0
-
cpe:2.3:a:siri-informatica:wi400:8.0
-
cpe:2.3:a:siri-informatica:wi400:8.3
-
cpe:2.3:a:siri-informatica:wi400:8.5
-
cpe:2.3:a:siri-informatica:wi400:9.0
-
cpe:2.3:a:siri-informatica:wi400:9.5