CVE-2026-25073
- EPSS 0.01%
- Veröffentlicht 07.03.2026 00:20:06
- Zuletzt bearbeitet 12.03.2026 14:55:15
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject mal...
CVE-2026-25072
- EPSS 0.19%
- Veröffentlicht 07.03.2026 00:20:05
- Zuletzt bearbeitet 12.03.2026 14:56:31
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict sessi...
CVE-2026-25071
- EPSS 0.08%
- Veröffentlicht 07.03.2026 00:20:04
- Zuletzt bearbeitet 12.03.2026 15:00:02
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers c...
CVE-2026-25070
- EPSS 0.28%
- Veröffentlicht 07.03.2026 00:20:03
- Zuletzt bearbeitet 12.03.2026 15:11:20
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Att...