CVE-2025-34236

Опубликовано: 06 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Ссылки

https://icr.advantech.com/download/software
Product
https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf
Release Notes
https://www.vulncheck.com/advisories/advantech-webaccess-vpn-stored-xss-via-networkcontroller
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advantech:webaccess\/vpn:*:*:*:*:*:*:*:*

Версия до 1.1.5 (исключая)

EPSS

Процентиль: 13%

0.00044

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j74r-jj49-g8gj

CVSS3: 5.4

github

3 месяца назад

BDU:2025-13985

CVSS3: 8.1

fstec