Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097798)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

CVE-2025-34265 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via rule-engines

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

CVE-2025-34265

Advantech WISE-DeviceOn Server (prior to version 5.4) exposes a stored XSS in the /rmm/v1/rule-engines endpoint. When an authenticated user creates/updates a rule, the min, max, and unit fields are stored and later rendered without proper HTML sanitization, allowing injected script to run in the ...

CVE-2025-34265 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via rule-engines

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

EUVD-2025-201429

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

Advantech WISE-DeviceOn Server 跨站脚本漏洞

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

PT-2025-49286

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...