Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097005)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

CVE-2025-34261 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicegroups/

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

CVE-2025-34261

CVE-2025-34261 affects Advantech WISE-DeviceOn Server (versions prior to 5.4). The vulnerability is a stored XSS in the /rmm/v1/devicegroups/ endpoint: when an authenticated user creates a device group, the name/description are stored and later rendered without proper HTML sanitation. An attacker...