Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-J2WH-RP49-235F
Vulnerability from github – Published: 2026-03-18 09:30 – Updated: 2026-03-18 09:30
VLAI?
Details
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2026-22322"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-18T08:16:30Z",
"severity": "HIGH"
},
"details": "A stored cross\u2011site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim\u2019s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.",
"id": "GHSA-j2wh-rp49-235f",
"modified": "2026-03-18T09:30:28Z",
"published": "2026-03-18T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22322"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-104"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
CVE-2026-22322 (GCVE-0-2026-22322)
Vulnerability from cvelistv5 – Published: 2026-03-18 07:34 – Updated: 2026-03-18 13:31
VLAI?
EPSS
Title
Stored Cross‑Site Scripting in Link Aggregation Name Handling
Summary
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | FL SWITCH 2005 |
Affected:
0.0.0 , < 3.53
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Gabriele Quagliarella from Nozomi Networks
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T13:31:42.480068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T13:31:55.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2005",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2008",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2016",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2105",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2108",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2116",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2204-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2205",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX SM ST",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX ST",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206C-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2207-FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2207-FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208C",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2212-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2216",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2216 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2304-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2306-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2306-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2308",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2308 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2312-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2314-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2314-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2404-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2406-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2406-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2408",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2408 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2412-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2414-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2414-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2416",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2416 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2504-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2512-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2514-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2514-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2516",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2516 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2608",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2608 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2708",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2708 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2303-8SP1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2008",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2208",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2304-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2008F",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH TSN 2316",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH TSN 2312-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH TSN 2314-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 5924-4GC",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 5916-8GC-4SFP+",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 5924SFP-4GC",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 5924-4SFP+",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 5916SFP-8GC-4SFP+",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.53",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gabriele Quagliarella from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored cross\u2011site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim\u2019s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.\u003cbr\u003e"
}
],
"value": "A stored cross\u2011site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim\u2019s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T07:34:49.656Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-104"
}
],
"source": {
"advisory": "VDE-2025-104",
"defect": [
"CERT@VDE#641898"
],
"discovery": "UNKNOWN"
},
"title": "Stored Cross\u2011Site Scripting in Link Aggregation Name Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22322",
"datePublished": "2026-03-18T07:34:49.656Z",
"dateReserved": "2026-01-07T11:49:15.178Z",
"dateUpdated": "2026-03-18T13:31:55.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…