exploitDog

CVE-2025-63211

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint.

Ссылки

https://bridgetech.tv/
Product
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63211_bridgetech%20VBC%20Server%20and%20Element%20Manager%20Stored%20%20xss
Third Party Advisory
Exploit
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63211_bridgetech%20VBC%20Server%20and%20Element%20Manager%20Stored%20%20xss
Third Party Advisory
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bridgetech:vbc_server:6.5.0-9:*:*:*:*:*:*:*

cpe:2.3:a:bridgetech:vbc_server:6.5.0-10:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00062

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5356-vf3g-3c6h

CVSS3: 6.1

github

3 месяца назад

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint.

EPSS

Процентиль: 19%

0.00062

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79