Lucene search
K

3731 matches found

OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4CVSS5.7AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.2 views

CVE-2025-34263

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.12 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4CVSS0.00182EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.13 views

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

5.4CVSS0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.8 views

CVE-2025-34264

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

9.8CVSS6.1AI score0.00604EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.4CVSS0.00182EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

5.4CVSS0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.2 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.4CVSS5.7AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.8 views

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

5.4CVSS0.00182EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.3 views

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.4CVSS5.7AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

5.4CVSS0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

5.4CVSS5.7AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.3 views

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.4CVSS0.00216EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.8 views

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

5.4CVSS5.7AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34259

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

5.4CVSS5.7AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.3 views

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

5.4CVSS5.7AI score0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 5:18 p.m.4 views

CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS7.4AI score0.00604EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 5:18 p.m.20 views

CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS0.00604EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:18 p.m.6 views

EUVD-2025-201428

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS7.3AI score0.00604EPSS
Exploits0References4
Rows per page
Query Builder