exploitDog

CVE-2025-2865

Опубликовано: 28 мар. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-942

CWE-79

Связанные уязвимости

GHSA-7v32-cc9h-mhv6

CVSS3: 6.1

github

11 месяцев назад

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

EPSS

Процентиль: 27%

0.00097

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-942

CWE-79