CVE-2025-7746 | THREATINT

Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

PUBLISHED Reserved 2025-07-17 | Published 2025-09-09 | Updated 2025-09-10 | Assigner schneider

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions

affected

Default status

unaffected

all versions (version) before v25.0

affected

References

download.schneider-electric.com/...Name=SEVD-2025-252-01.pdf

cve.org (CVE-2025-7746)

nvd.nist.gov (CVE-2025-7746)

Download JSON