CVE-2021-23228

MEDIUM WAF: High

CVSS 6.1 Published: 2021-12-22

CWE-79

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
deltaww	diaenergie	up to 1.7.5

References

www.cisa.gov (Third Party Advisory, US Government Resource)

Back to CVE Database