EUVD-2025-18192
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
3Tags
Description
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Analysis
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Technical Context
Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding. This vulnerability is classified as Protection Mechanism Failure (CWE-693).
Affected Products
Affected products: Sick Baggage Analytics, Sick Field Analytics, Sick Logistic Diagnostic Analytics, Sick Media Server, Sick Package Analytics
Remediation
Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today