4.8

CVE-2026-6059

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX1800HP
Default Statusunknown
Version Before Ver. 3.2.2
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX5400HP
Default Statusunknown
Version Before Ver. 2.1.0
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX7800T8
Default Statusunknown
Version Before Ver. 1.5.1
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX11000T12
Default Statusunknown
Version Before Ver. 1.4.0
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX3000HP2
Default Statusunknown
Version Before Ver. 1.3.2
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm WX4200D5
Default Statusunknown
Version Before Ver. 1.3.5
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm GX621A1
Default Statusunknown
Version Before Ver. 3.2.2
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm SH621A1
Default Statusunknown
Version Before Ver. 3.2.2
Status affected
HerstellerNEC Platforms, Ltd.
Produkt Aterm 19000T12BE
Default Statusunknown
Version Before Ver. 1.1.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.075
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt-info@cyber.jp.nec.com 4.8 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://jpn.nec.com/security-info/secinfo/nv26-002_en.html