Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
7DescriptionCVE.org
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.
AnalysisAI
A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-79 (Cross-site Scripting). CVSS 7.1 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
More in Fl Switch 2005
View allArbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling
A CSRF vulnerability in A CSRF vulnerability in the Link Aggregation configuration interface (CVSS 7.1) that allows an u
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file ins
A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vu
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12791