17 matches found
CVE-2025-41751
An XSS vulnerability in pxcportCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
EUVD-2025-201899
An XSS vulnerability in portutil.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
EUVD-2025-201898
An XSS vulnerability in pxcDot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
EUVD-2025-201896
An XSS vulnerability in pxcportSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-lev...
EUVD-2025-201900
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
EUVD-2025-201894
An XSS vulnerability in dynconn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41748
An XSS vulnerability in pxcDot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41695
An XSS vulnerability in dynconn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41747
CVE-2025-41747 describes an unauthenticated XSS vulnerability in the web interface component pxc_vlanIntfCfg.php that can fool an authenticated user into sending a manipulated POST request to modify device configuration parameters available through the web-based management interface (WBM). The is...
CVE-2025-41749 Reflected XSS vulnerability in port_util.php
An XSS vulnerability in portutil.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750 Reflected XSS vulnerability in pxc_PortCfg.php
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750 Reflected XSS vulnerability in pxc_PortCfg.php
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750
CVE-2025-41750 is a reflected XSS in the web interface page pxc_PortCfg.php affecting Phoenix Contact FL SWITCH prior to version 3.50 . An unauthenticated attacker can lure an authenticated user to click a malicious link, enabling changes to device configuration parameters via the web-based manag...
CVE-2025-41751 Reflected XSS vulnerability in pxc_portCntr.php
An XSS vulnerability in pxcportCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
PT-2025-49819
An XSS vulnerability in pxc vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...
SUSE CVE-2011-4953
The setmgmtparameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safeload function, as demonstrated using Puppet...