Vulnerabilities > Schneider Electric > Network Management Card 2 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-22810 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. | 4.3 |
| 2022-01-28 | CVE-2021-22811 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. | 4.3 |
| 2022-01-28 | CVE-2021-22812 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. | 4.3 |
| 2022-01-28 | CVE-2021-22813 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. | 4.3 |
| 2022-01-28 | CVE-2021-22814 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. | 4.3 |
| 2022-01-28 | CVE-2021-22815 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. | 5.3 |