216.73.217.86

CVE-2026-22322

· Published 18/03/2026 08:16 · Modified 18/03/2026 14:52

Labels: CVE-2026-22322 2026-03-18CVE-2026-22322CWE-79[email protected]

Essential information

Published
18/03/2026 08:16
Modified
18/03/2026 14:52
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CVSS metrics

Description

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / link aggregation cpe:2.3:a:*:link_aggregation:*:*:*:*:*:*:*:*

References