Severity by source
AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
Analysis
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
Technical ContextAI
Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.
RemediationAI
Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.
More in Wise 4060lan Firmware
View allA privilege escalation vulnerability (CVSS 9.6) that allows an unauthenticated attacker. Risk factors: public PoC availa
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to r
A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that al
A remote code execution vulnerability (CVSS 5.0) that allows an unauthenticated attacker. Remediation should follow stan
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block ot
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18992