fkie_cve-2025-25612
Vulnerability from fkie_nvd
Published
2025-03-17 15:15
Modified
2025-03-17 18:15
Severity ?
Summary
FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the \"Time Range Name\" field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user\u0027s browser."
},
{
"lang": "es",
"value": "FS Inc S3150-8T2F anterior a la versi\u00f3n S3150-8T2F_2.2.0D_135103 es vulnerable a cross site scripting (XSS) en la funci\u00f3n de configuraci\u00f3n de intervalo de tiempo de la interfaz de administraci\u00f3n. Un atacante puede inyectar JavaScript malicioso en el campo \"Nombre del intervalo de tiempo\", que no est\u00e1 correctamente depurado. Al guardar esta entrada, se ejecuta posteriormente en el navegador de cualquier usuario que acceda a la p\u00e1gina afectada, incluidos los administradores, lo que provoca la ejecuci\u00f3n de un script arbitrario en el navegador del usuario."
}
],
"id": "CVE-2025-25612",
"lastModified": "2025-03-17T18:15:21.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-17T15:15:43.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fs.com"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/secmuzz/CVE-2025-25612/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…