CVE-2026-22322

{"id": "CVE-2026-22322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.8}]}, "published": "2026-03-18T08:16:30.000", "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104", "source": "info@cert.vde.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A stored cross\u2011site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim\u2019s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la interfaz de configuraci\u00f3n de Agregaci\u00f3n de Enlaces permite a un atacante remoto no autenticado crear una entrada de troncal que contenga c\u00f3digo HTML/JavaScript malicioso. Cuando se visualiza la p\u00e1gina afectada, el script inyectado se ejecuta en el contexto del navegador de la v\u00edctima, lo que permite acciones no autorizadas como la manipulaci\u00f3n de la interfaz. La cookie de sesi\u00f3n est\u00e1 protegida por la bandera httpOnly. Por lo tanto, un atacante no puede tomar el control de la sesi\u00f3n de un usuario autenticado."}], "lastModified": "2026-04-27T19:22:08.623", "sourceIdentifier": "info@cert.vde.com"}