4.8
CVE-2025-1071
- EPSS 0.34%
- Veröffentlicht 14.02.2025 14:15:32
- Zuletzt bearbeitet 02.03.2026 18:59:10
- Quelle 5d1c2695-1a31-4499-88ae-e84703
- CVE-Watchlists
- Unerledigt
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Watchguard ≫ Fireware Version >= 12.0.0 < 12.11.1
Watchguard ≫ Firebox M270
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Fireware Version >= 12.5 < 12.5.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.