CVE-2025-15505

LOW
2026-01-11 [email protected]
XSS
2.4
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 11, 2026 - 02:15 nvd
LOW 2.4

DescriptionNVD

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond with a technical statement.

AnalysisAI

A vulnerability was found in Luxul XWR-600 versions up to 4.0.1. is affected by cross-site scripting (xss) (CVSS 2.4).

Technical ContextAI

This vulnerability (CWE-79: Cross-site Scripting (XSS)) affects A vulnerability was found in Luxul XWR-600. was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond with a technical statement.

Affected ProductsAI

Product: A vulnerability was found in Luxul XWR-600. Versions: up to 4.0.1..

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Share

CVE-2025-15505 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy