3 matches found
CVE-2025-66258
Summary: CVE-2025-66258 describes a Stored XSS via XML Injection in DB Electronica Mozart FM Transmitter family (versions 30–7000). User-controlled filenames are concatenated into patchlist.xml without encoding, enabling injected JavaScript payloads (e.g., ). The XSS executes when ajax.js process...
CVE-2025-66258 Stored Cross-Site Scripting via XML Injection
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
EUVD-2025-199674
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...