Description
A low-privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage, with limited impact.
Reserved 2025-03-31 | Published 2025-05-06 | Updated 2025-05-06 | Assigner: CERTVDE
MEDIUM: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
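Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: Any version before 3.79 | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: Any version before 4.08 | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: Any version before 3.70 | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected
Default status: unaffected | Versions: all | Status: affected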
References
cert.vde.com/en/advisories/VDE-2025-032
cve.org (CVE-2025-3020)
nvd.nist.gov (CVE-2025-3020)