exploitDog

CVE-2025-65231

Опубликовано: 08 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.

Ссылки

https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-65231
Exploit
Third Party Advisory
https://help.barix.com/instreamer/user-manual
Product
https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-65231
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:barix:instreamer_firmware:*:*:*:*:*:*:*:*

Версия до 4.06 (включая)

cpe:2.3:h:barix:instreamer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00044

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7vpr-g4pp-5q85

CVSS3: 6.1

github

2 месяца назад

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.

EPSS

Процентиль: 13%

0.00044

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79