CVE-2025-49185 | THREATINT

Description

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-12 | Updated 2025-06-12 | Assigner SICK AG

MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

affected

all versions (custom)

affected

References

cdn.sick.com/...ation_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf vendor-advisory

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json vendor-advisory

cve.org (CVE-2025-49185)

nvd.nist.gov (CVE-2025-49185)

Download JSON

help @ threatint.eu