Zikestor Sks8310 8x Firmware
CVE-2026-25073
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's browser when the stored value is viewed due to improper output encoding.
AnalysisAI
Stored cross-site scripting in Zikestor SKS8310-8X firmware versions 1.04.B07 and earlier allows authenticated users to inject malicious scripts via the System Name field, which execute when other administrators view the configuration. The lack of proper output encoding enables attackers with login credentials to compromise the security of administrative sessions viewing the affected switch settings.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | CVSS 5.4 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker (requires authentication) could exploit this vulnerability to inject arbitrary script content through the System Name field. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems running a stored cross-site scripting vulnerability that allows auth and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Zikestor Sks8310 8x Firmware
View allOS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthe
Predictable session identifier generation in XikeStor SKS8310-8X network switch allows session hijacking even if the com
Unauthenticated remote attackers can download sensitive configuration files from ZikeStor SKS8310-8X network switches (f
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today