cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-22804,https://securityvulnerability.io/vulnerability/CVE-2022-22804,Cross-Site Scripting Vulnerability in EcoStruxure Power Monitoring Expert by Schneider Electric,"There exists a cross-site scripting (XSS) vulnerability in EcoStruxure Power Monitoring Expert that allows an authenticated attacker to inject malicious scripts. This vulnerability can enable attackers to manipulate web pages and potentially view sensitive data, alter configuration settings, or disrupt the software's availability when users interact with compromised pages containing the malicious payload. The issue primarily affects versions of the product released in 2020 and earlier. It is essential for users to apply necessary updates and security best practices to mitigate the risk of exploitation.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-04T22:29:39.000Z,0
CVE-2022-22726,https://securityvulnerability.io/vulnerability/CVE-2022-22726,Improper Input Validation in Schneider Electric EcoStruxure Power Monitoring Expert,"An improper input validation flaw exists in Schneider Electric's EcoStruxure Power Monitoring Expert that permits authenticated users to access arbitrary files on the server. This vulnerability arises from a limited operating system service account, which could potentially allow unauthorized data exposure. Users utilizing versions of this product released in 2020 and earlier should be aware and take precautionary measures to safeguard their systems.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-02-04T22:29:38.000Z,0
CVE-2022-22727,https://securityvulnerability.io/vulnerability/CVE-2022-22727,Improper Input Validation in EcoStruxure Power Monitoring Expert by Schneider Electric,"An improper input validation vulnerability exists in EcoStruxure Power Monitoring Expert that enables unauthenticated attackers to view sensitive data, modify system settings, or disrupt service availability. This issue arises when users interact with specially crafted links, which may also compromise a user's local machine. The vulnerability primarily affects version 2020 and earlier of the product, highlighting the importance of prompt security measures to safeguard against potential exploitation.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2022-02-04T22:29:38.000Z,0