Iyadalkhatib98

#11591of 53,632
23.7Total CVSS
Vulnerabilities · 4
Medium
4
PT-2025-49589
6.1
2025-12-08
Barix · Barix Instreamer · CVE-2025-65231
**Name of the Vulnerable Software and Affected Versions** Barix Instreamer versions prior to 04.07 **Description** The software contains a Cross Site Scripting (XSS) issue within the Web UI. Specifically, the I/O & Serial configuration page’s CTS close command user-input field is affected. This field stores user-provided data and subsequently renders it on the Status page, creating a potential for XSS attacks. The vulnerable input is located on the I/O & Serial configuration page and impacts the rendering of data on the Status page. The vulnerable parameter is the CTS close command user-input field. **Recommendations** Update to version 04.07 or later.
PT-2025-49594
5.4
2025-12-08
Barix · Barix Instreamer · CVE-2025-65230
**Name of the Vulnerable Software and Affected Versions** Barix Instreamer versions 04.05 and 04.06 **Description** The software contains a stored cross-site scripting (XSS) issue within the Web UI Configuration Streaming Destination input. This allows for the injection of malicious scripts through this input field. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all input to the Streaming Destination configuration within the Web UI.
PT-2025-47943
5.7
2025-11-24
Magewell · Magewell Pro Convert · CVE-2025-63952
**Name of the Vulnerable Software and Affected Versions** Magewell Pro Convert version 1.2.213 **Description** A Cross-Site Request Forgery (CSRF) exists in the `/mwapi?method=add-user` component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint `/mwapi?method=add-user` is vulnerable. **Recommendations** Update to a newer version that contains a fix for this vulnerability.
PT-2025-47944
6.5
2025-11-24
Magewell · Magewell Pro Convert · CVE-2025-63953
**Name of the Vulnerable Software and Affected Versions** Magewell Pro Convert version 1.2.213 **Description** A Cross-Site Request Forgery (CSRF) exists in the `/usapi?method=add-user` component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint `/usapi?method=add-user` is vulnerable. The `method` parameter is involved in the attack. **Recommendations** Update to a newer version that contains a fix for this vulnerability.