CVE-2026-22637

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-22637
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Configurations

No configuration.

History

15 Jan 2026, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-15 13:16

Updated : 2026-01-16 15:55

NVD link : CVE-2026-22637

Mitre link : CVE-2026-22637

CVE.ORG link : CVE-2026-22637

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')