4.1
CVE-2025-48470
- EPSS 0.02%
- Veröffentlicht 24.06.2025 02:19:33
- Zuletzt bearbeitet 09.07.2025 15:21:40
- Quelle 5f57b9bf-260d-4433-bf07-b6a79e
- CVE-Watchlists
- Unerledigt
LoginSuccessful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advantech ≫ Wise-4010lan Firmware Version-
Advantech ≫ Wise-4050lan Firmware Version-
Advantech ≫ Wise-4060lan Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.043 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | 4.1 | 0.7 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.