CVE-2021-22291 | THREATINT

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.

PUBLISHED Reserved 2021-01-05 | Published 2025-10-07 | Updated 2025-10-07 | Assigner ABB

HIGH: 8.5CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

Any version before 3.9.2

affected

Default status

unaffected

Any version before 3.9.2

affected

Credits

ABB acknowledges and thanks Psytester for responsibly disclosing the vulnerabilities and helping to verify the resolving implementation. finder

References

search.abb.com/...geCode=en&DocumentPartId=pdf&Action=Launch

cve.org (CVE-2021-22291)

nvd.nist.gov (CVE-2021-22291)

Download JSON

help @ threatint.eu