Cross-Site Scripting Vulnerability in Schneider Electric SpaceLYnk and Wiser for KNX
CVE-2022-22812

6.1MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Spacelynk (v2.6.2 And Prior), Wiser For Knx (formerly Homelynk) (v2.6.2 And Prior), Fellerlynk (v2.6.2 And Prior)
Vendor: CVE Published:; 9 February 2022

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Schneider Electric's spaceLYnk, Wiser for KNX, and fellerLYnk products, allowing attackers to inject arbitrary JavaScript code. This vulnerability can enable unauthorized access to web sessions, compromising sensitive information and user interactions in affected versions (V2.6.2 and prior). It is crucial for users of these products to implement security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 7, 2022