CVE-ID: CVE-2022-35134
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
The application does not enforce input validation or output sanitization in multiple functions.
Example 1: The domain name can be set to `<script>alert(1)</script>`.
Example 2: A lower-privileged user can change their name to include an XSS payload and target the admin user.
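
The two examples above come down to a stored value being written into a page without encoding. The following is an added example, not Boodskap code: it shows an unencoded render next to a hardened one, plus an allowlist check at save time. All function and field names are hypothetical, the sample record is constructed, and it assumes the domain name field is meant to hold a DNS-style hostname.

```javascript
// Added example, not Boodskap code. Names and the sample record are hypothetical.

// Output encoding for HTML element content and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation by allowlist. Assumption: the domain name field should
// hold a DNS-style hostname, so each label must match the RFC 1123 shape.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;
function isValidDomainName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) return false;
  return name.split('.').every((label) => LABEL.test(label));
}

// Vulnerable pattern: stored values are concatenated into markup as-is, so a
// name set by one user becomes active markup when an admin views the list.
function renderUserRowUnsafe(user) {
  return '<tr><td>' + user.name + '</td><td>' + user.domain + '</td></tr>';
}

// Hardened pattern: every stored value is encoded at the point of output,
// even if it was validated on input (older records may predate validation).
function renderUserRow(user) {
  return '<tr><td>' + escapeHtml(user.name) + '</td><td>' + escapeHtml(user.domain) + '</td></tr>';
}

// Save-time gate: reject a domain name that fails the allowlist.
function validateProfileUpdate(update) {
  const errors = [];
  if (!isValidDomainName(update.domain)) errors.push('domain: not a valid hostname');
  if (typeof update.name !== 'string' || update.name.trim() === '' || update.name.length > 100) {
    errors.push('name: must be 1-100 characters');
  }
  return errors;
}

// Constructed sample record using the payload quoted in the advisory.
const sample = { name: 'Bob <script>alert(1)</script>', domain: '<script>alert(1)</script>' };

console.log(validateProfileUpdate(sample)); // domain is rejected at save time
console.log(renderUserRowUnsafe(sample));   // markup passes through unchanged
console.log(renderUserRow(sample));         // markup is rendered inert as text
```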
**References:**
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html