Phoenix Contact FL SWITCH 2306-2SFP
Moderate fix1 remedy
cpe:2.3:o:phoenixcontact:fl_switch_2306-2sfp_firmware:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- < 3.53
- = 3.50
Phoenix Contact FL SWITCH Products Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the Link Aggregation configuration interface of certain Phoenix Contact FL SWITCH products. This vulnerability allows an unauthenticated remote attacker to inject malicious HTML or JavaScript into a trunk entry. When the affected page is accessed, the injected script executes in the context of the user's browser, potentially leading to unauthorized manipulation of the interface. The vulnerability is present in FL SWITCH 2xxx, FL SWITCH TSN 23xx, and FL SWITCH 59xx firmware versions prior to 3.53.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the victim's browser.
Remediation
Users are advised to update to the latest firmware version 3.53, which addresses this vulnerability.
Added: Mar 18, 2026, 8:50 AM
Updated: Mar 18, 2026, 8:50 AM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
3.5exploitability
6.0remediation
7.7relevance
4.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.