Cross-Site Scripting Vulnerability in Mitsubishi Electric Consumer Electronics
CVE-2022-33322

6.1MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Air Conditioning Msz-fd40/56/63/71/8022s; Air Conditioning Msz-hxv25/28/40/56/63/71/8022s; Air Conditioning Msz-vxv40/56/63/71/8022s; Air Conditioning Msz-zd25/28/40/56/63/71/8022(s)
Vendor: CVE Published:; 8 November 2022

Summary

A cross-site scripting vulnerability exists in various Mitsubishi Electric consumer electronics, allowing remote unauthenticated attackers to execute harmful scripts in a user's browser. This could lead to premature information disclosure and compromise the security of affected devices. An extensive range of product models is subject to this issue, emphasizing the need for proactive security measures. Users are encouraged to review the advisory from Mitsubishi Electric for specific affected versions and recommended mitigations.