Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-JV5F-C6J9-F5GH
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI?
Details
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2025-41746"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:49Z",
"severity": "HIGH"
},
"details": "An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.",
"id": "GHSA-jv5f-c6j9-f5gh",
"modified": "2025-12-09T18:30:37Z",
"published": "2025-12-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41746"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-071"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
CVE-2025-41746 (GCVE-0-2025-41746)
Vulnerability from cvelistv5 – Published: 2025-12-09 08:09 – Updated: 2025-12-09 16:01
VLAI?
EPSS
Summary
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | FL SWITCH 2005 |
Affected:
0.0.0 , < 3.50
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:21:46.638584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:01:26.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2005",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2008",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2016",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2105",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2108",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2116",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2204-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2205",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX SM ST",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2FX ST",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2206C-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2207-FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2207-FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2208C",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2212-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2FX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2FX SM",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2214-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2216",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2216 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2304-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2306-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2306-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2308",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2308 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2312-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2314-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2314-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2404-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2406-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2406-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2408",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2408 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2412-2TC-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2414-2SFX",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2414-2SFX PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2416",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2416 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2504-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2512-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2514-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2514-2SFP PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2516",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2516 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2608",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2608 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2708",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2708 PN",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2303-8SP1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2008",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2208",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL NAT 2304-2GC-2SFP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2008F",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2316/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2506-2SFP/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL SWITCH 2508/K1",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "3.50",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube"
}
],
"datePublic": "2025-12-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.\u003cbr\u003e"
}
],
"value": "An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T08:09:53.352Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-071"
}
],
"source": {
"advisory": "VDE-2025-071",
"defect": [
"CERT@VDE#641831"
],
"discovery": "UNKNOWN"
},
"title": "Reflected XSS vulnerability in pxc_portSecCfg.php",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41746",
"datePublished": "2025-12-09T08:09:53.352Z",
"dateReserved": "2025-04-16T11:18:45.758Z",
"dateUpdated": "2025-12-09T16:01:26.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…