CVE-2025-8153 | THREATINT

Description

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows a attacker to inject an arbitrary scripts may be executed on the user's browser.

PUBLISHED Reserved 2025-07-25 | Published 2025-09-17 | Updated 2025-09-17 | Assigner NEC

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unknown

from Ver.9.5 to Ver.10.7

affected

Default status

unknown

from Ver.10.8.21 to Ver.10.8.36

affected

Default status

unknown

from Ver.10.9.11 to Ver.10.9.24

affected

Default status

unknown

from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6

affected

Default status

unknown

Ver1.3.16, Ver1.3.21

affected

Credits

RyotaK of GMO Flatt Security Inc. reporter

References

jpn.nec.com/security-info/secinfo/nv25-005_en.html

cve.org (CVE-2025-8153)

nvd.nist.gov (CVE-2025-8153)

Download JSON