CVE-2025-41442 | THREATINT

Description

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

PUBLISHED Reserved 2025-07-02 | Published 2025-07-10 | Updated 2025-07-11 | Assigner icscert

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79

Product status

Default status

unaffected

Any version before 5.7.05 build 7057

affected

Credits

Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

www.advantech.com/en/support/details/firmware-?id=1-HIPU-183

cve.org (CVE-2025-41442)

nvd.nist.gov (CVE-2025-41442)

Download JSON