CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CNVD•added 2025/12/10 12:0 a.m.•5 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097104)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...

5.4CVSS6.3AI score0.00024EPSS

Exploits0References1

OSV•added 2025/12/05 6:15 p.m.•0 views

CVE-2025-34259

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

5.4CVSS5.7AI score

Exploits0References3

NVD•added 2025/12/05 6:15 p.m.•3 views

CVE-2025-34259

5.4CVSS0.00024EPSS

Exploits0References3

EUVD•added 2025/12/05 5:16 p.m.•2 views

EUVD-2025-201436

5.1CVSS5AI score0.00024EPSS

Exploits0References4

Vulnrichment•added 2025/12/05 5:16 p.m.•2 views

CVE-2025-34259 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building

5.1CVSS5.1AI score0.00024EPSS

Exploits0References3

CVE•added 2025/12/05 5:16 p.m.•4 views

CVE-2025-34259

Advantech WISE-DeviceOn Server (pre-5.4) is affected by a stored XSS in the /rmm/v1/devicemap/building endpoint. The issue arises from unfiltered/store of the map entry name which is later rendered in the map list UI without HTML sanitization, enabling an attacker to inject script that runs in th...

5.4CVSS5.1AI score0.00024EPSS

Exploits0References3Affected Software1