Description

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

PUBLISHED Reserved 2025-03-27 | Published 2025-03-28 | Updated 2025-03-28 | Assigner INCIBE




LOW: 2.4 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-942: Permissive Cross-domain Policy with Untrusted Domains

Product status

Default status: unaffected

2.1.3: affected

Credits

Aarón Flecha (finder)

Gabriel Vía Echezarreta (finder)

References

www.incibe.es/...ultiple-vulnerabilities-arteches-satech-bcu

cve.org (CVE-2025-2865)

nvd.nist.gov (CVE-2025-2865)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.