Skip to main content

Iview EUVDEUVD-2025-21084

| CVE-2025-53519 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-07-11 ics-cert@hq.dhs.gov
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
5.7.05
EUVD ID Assigned
Mar 16, 2026 - 08:17 euvd
EUVD-2025-21084
Analysis Generated
Mar 16, 2026 - 08:17 vuln.today
CVE Published
Jul 11, 2025 - 00:15 nvd
MEDIUM 5.4

DescriptionCVE.org

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

Analysis

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

More in Iview

View all
CVE-2022-2143 CRITICAL POC
9.8 Jul 22

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execut

CVE-2021-22652 CRITICAL POC
9.8 Feb 11

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow a

CVE-2023-3983 HIGH POC
8.8 Jul 31

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. Rated high s

CVE-2022-3323 HIGH POC
7.5 Sep 27

An SQL injection vulnerability in Advantech iView 5.7.04.6469. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2022-2139 CRITICAL
9.8 Jul 22

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and

CVE-2021-32930 CRITICAL
9.8 Jun 11

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change

CVE-2021-22658 CRITICAL
9.8 Feb 11

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalat

CVE-2020-16245 CRITICAL
9.8 Aug 25

Advantech iView, Versions 5.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,

CVE-2020-14503 CRITICAL
9.8 Jul 15

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9

CVE-2020-14501 CRITICAL
9.8 Jul 15

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated cri

CVE-2020-14507 CRITICAL
9.8 Jul 15

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an at

CVE-2020-14505 CRITICAL
9.8 Jul 15

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command

Share

EUVD-2025-21084 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy