5 matches found
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3905
creationtimestamp| type| source ---|---|--- 2025-06-10 09:33:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17854 2025-06-24 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-03 2025-06-25 10:49:24+00:00| published-proof-of-concept| https://t.me/icscert/1198...
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3905
CVE-2025-3905 is a cross-site scripting (CWE-79) vulnerability affecting Schneider Electric Modicon Controllers (notably M241/M251/M258/LMC058/M262). The issue arises from improper input neutralization during web page generation, allowing an authenticated malicious user to inject unvalidated data...