The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
Credits
Chizuru Toyama of TXOne IoT/ICS Security Research Labs of Trend Micro reported this vulnerability to CISA.
