Unrated severityNVD Advisory· Published Jul 21, 2021· Updated Aug 3, 2024

CVE-2021-22722

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters.

Affected products

Schneider Electric/EVlink Citydescription
Schneider Electric/EVLink Parkingllm-fuzzy
Range: < R8 V3.4.0.1
Schneider Electric/EVlink Cityllm-fuzzy
Range: < R8 V3.4.0.1
Schneider Electric/EVlink Smart Wallboxllm-fuzzy
Range: < R8 V3.4.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.schneider-electric.com/filesmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000