Vulnerabilities > Schneider Electric > Evlink Parking Evp2Pe Firmware > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-28	CVE-2021-22819	Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric products A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. network low complexity schneider-electric CWE-1021	4.3
2022-01-28	CVE-2021-22822	Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. network low complexity schneider-electric CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.