Home
MEDIUM: 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NDefault status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
Any version before 3.79
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
Any version before 4.08
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
Any version before 3.70
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Default status
unaffected
all
affected
Description
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
all
all
all
all
Any version before 3.79
all
all
all
all
all
all
all
Any version before 4.08
all
all
all
all
all
Any version before 3.70
all
all
all
all
all
all
all
all
all
References
cert.vde.com/en/advisories/VDE-2025-032