CVE-2025-5516

🗓️ 03 Jun 2025 18:00:18Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 49 Views🌐 WEB

Vulnerability CVE-2025-5516 in TOTOLINK X2000R allows remote cross site scripting attacks.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-5516	3 Jun 202519:26	–	circl
CNNVD	TOTOLINK X2000R 安全漏洞	3 Jun 202500:00	–	cnnvd
CNVD	X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.	11 Jun 202500:00	–	cnvd
Cvelist	CVE-2025-5516 TOTOLINK X2000R URL Filtering Page formFilter cross site scripting	3 Jun 202518:00	–	cvelist
EUVD	EUVD-2025-16762	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5516	3 Jun 202518:15	–	nvd
Positive Technologies	PT-2025-23655 · Totolink · Totolink X2000R	26 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5516	5 Jun 202518:05	–	redhatcve
Vulnrichment	CVE-2025-5516 TOTOLINK X2000R URL Filtering Page formFilter cross site scripting	3 Jun 202518:00	–	vulnrichment

NVD

Node

totolink x2000r_firmwareMatch1.0.0-b20230726.1108

AND

totolink x2000rMatch-

[
  {
    "vendor": "TOTOLINK",
    "product": "X2000R",
    "versions": [
      {
        "version": "1.0.0-B20230726.1108",
        "status": "affected"
      }
    ],
    "modules": [
      "URL Filtering Page"
    ]
  }
]

Source	Link
totolink	www.totolink.net/
vuldb	www.vuldb.com/
github	www.github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_url_filtering
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
URL Address	request body	/boafrm/formFilter	Cross-site scripting via manipulation of the URL Address parameter on /boafrm/formFilter.	CWE-79, CWE-94

06 Jun 2025 17:42Current

3.4Low risk

Vulners AI Score3.4

CVSS 3.12.4 - 4.8

CVSS 23.3

CVSS 44.8

CVSS 32.4

EPSS0.0016

SSVC