CVE-2025-2072
Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI
A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are "h", "hd", "p", "pi", "s", "t", "x", "y".
Reserved 2025-03-06 | Published 2025-03-31 | Updated 2025-03-31 | Assigner SEC-VLabCWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| 2024-12-24: | vulnerability has been identified and reported to the vendor |
| 2025-01-16: | transmission of further technical information to the vendor |
| 2025-01-23: | vulnerability has been confirmed by the vendor and a patch is in progress |
| 2025-03-06: | Vendor patch available |
Stefan Mettler from CRYPTRON Security GmbH
www.fast-lta.de/de/fast/silent-bricks-software-2-63
Support options
