CVE-2026-22322

Summary

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactFL SWITCH 20050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 20080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 20160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2204-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX SM ST0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX ST0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206C-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2207-FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2207-FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2208 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2208C0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2212-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2216 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2304-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2306-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2306-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 23080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2308 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2312-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2314-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2314-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 23160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2316 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2404-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2406-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2406-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 24080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2408 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2412-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2414-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2414-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 24160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2416 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2504-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 25080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2508 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2512-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2514-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2514-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 25160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2516 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 26080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2608 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 27080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2708 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2303-8SP10.0.0 < 3.53affected
Phoenix ContactFL NAT 20080.0.0 < 3.53affected
Phoenix ContactFL NAT 22080.0.0 < 3.53affected
Phoenix ContactFL NAT 2304-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2008F0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2316/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2508/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 23160.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 2312-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 2314-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924-4GC0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5916-8GC-4SFP+0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924SFP-4GC0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924-4SFP+0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5916SFP-8GC-4SFP+0.0.0 < 3.53affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References