Lucene search
K
AdvantechWise-deviceon Server

11 matches found

CVE
CVE
added 2025/12/05 5:18 p.m.23 views

CVE-2025-34256

Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...

10CVSS7.4AI score0.00604EPSS
CVE
CVE
added 2025/12/05 5:15 p.m.22 views

CVE-2025-34257

The CVE-2025-34257 entry concerns Advantech WISE-DeviceOn Server (versions prior to 5.4). A stored XSS exists in the /rmm/v1/action/defined endpoint: when an authenticated user creates a task, the defined_name value is stored and later rendered in the Overview page without HTML sanitization. The ...

5.4CVSS5AI score0.00221EPSS
Web
CVE
CVE
added 2025/12/05 5:18 p.m.17 views

CVE-2025-34265

Advantech WISE-DeviceOn Server (prior to version 5.4) exposes a stored XSS in the /rmm/v1/rule-engines endpoint. When an authenticated user creates/updates a rule, the min, max, and unit fields are stored and later rendered without proper HTML sanitization, allowing injected script to run in the ...

5.4CVSS5.1AI score0.00172EPSS
Web
CVE
CVE
added 2025/12/05 5:17 p.m.15 views

CVE-2025-34264

Advantech WISE-DeviceOn Server (pre-5.4) is vulnerable to an authenticated stored XSS via the /rmm/v1/dog/{agentId} endpoint. When a user adds/edits Software Watchdog rules for an agent, the monitored process name is stored in a settings array and rendered in the Software Watchdog UI without prop...

5.4CVSS5AI score0.00172EPSS
Web
CVE
CVE
added 2025/12/05 5:16 p.m.14 views

CVE-2025-34258

Advantech WISE-DeviceOn Server

5.4CVSS5.1AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/05 5:17 p.m.14 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 are affected by a stored XSS in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds/edits an AddIns menu entry, the label and path are stored in plugin configuration data and later rendered in the AddIns UI without ...

5.4CVSS5AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/05 5:15 p.m.13 views

CVE-2025-34260

Affected product: Advantech WISE-DeviceOn Server prior to 5.4. Vulnerability: Authenticated stored XSS via /rmm/v1/action/schedule when a schedule name is stored and later rendered without HTML escaping. Root cause: Lack of proper input validation/escaping for user-supplied data at the schedule e...

5.4CVSS5AI score0.00216EPSS
Web
CVE
CVE
added 2025/12/05 5:16 p.m.13 views

CVE-2025-34261

CVE-2025-34261 affects Advantech WISE-DeviceOn Server (versions prior to 5.4). The vulnerability is a stored XSS in the /rmm/v1/devicegroups/ endpoint: when an authenticated user creates a device group, the name/description are stored and later rendered without proper HTML sanitation. An attacker...

5.4CVSS5AI score0.00221EPSS
Web
CVE
CVE
added 2025/12/05 5:16 p.m.11 views

CVE-2025-34262

Advantech WISE-DeviceOn Server has a stored XSS in /rmm/v1/devices/name/{agent_id} affecting versions prior to 5.4. An authenticated user can rename a device; the new_name is stored and later rendered in listings/details without HTML escaping, allowing injected script to run in the browser contex...

5.4CVSS5AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/05 5:16 p.m.10 views

CVE-2025-34259

Advantech WISE-DeviceOn Server (pre-5.4) is affected by a stored XSS in the /rmm/v1/devicemap/building endpoint. The issue arises from unfiltered/store of the map entry name which is later rendered in the map list UI without HTML sanitization, enabling an attacker to inject script that runs in th...

5.4CVSS5.1AI score0.00221EPSS
Web
CVE
CVE
added 2025/12/05 5:17 p.m.10 views

CVE-2025-34263

CVE-2025-34263 : Advantech WISE-DeviceOn Server versions prior to 5.4 suffer an authenticated stored XSS in the /rmm/v1/plugin-config/dashboards/menus endpoint. When a user adds/edits a dashboard entry, the label and path are stored in plugin configuration data and rendered in the dashboard UI wi...

5.4CVSS5AI score0.00172EPSS
Web