PT-2025-13673 · Unknown · Fast Lta Silent Brick Webui
Stefan Mettler · Published 2025-03-31 · Updated 2025-03-31 · CVE-2025-2072
CVSS v4.0: 5.1 Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber |
Name of the Vulnerable Software and Affected Versions
FAST LTA Silent Brick WebUI versions prior to 2.63.04
Description
A Reflected Cross-Site Scripting (XSS) issue has been discovered, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This occurs when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this issue, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are h, hd, p, pi, s, t, x, y.
Recommendations
For versions prior to 2.63.04, update to version 2.63.04 or later to resolve the issue.
As a temporary workaround, consider restricting access to the affected parameters h, hd, p, pi, s, t, x, y in the WebUI until a patch is applied.
Fix
XSS
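For triage before the update is applied, the following added example (not part of the advisory or of FAST LTA's software) scans web access logs for requests in which one of the affected parameters carries markup characters after URL decoding. The combined log format, the /webui/view path and the markup heuristic are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names listed in the advisory as affected.
AFFECTED = {"h", "hd", "p", "pi", "s", "t", "x", "y"}

# Assumption: legitimate values for these parameters never need markup
# metacharacters, so any of them after URL decoding is worth a review.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each suspicious hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once and keeps repeated parameters.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in AFFECTED and SUSPICIOUS.search(value):
                hits.append((number, name, value))
    return hits

# Constructed sample log lines (the /webui/view path is a placeholder).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Mar/2025:10:00:01 +0000] "GET /webui/view?p=3&s=name HTTP/1.1" 200 512',
    '192.0.2.44 - - [31/Mar/2025:10:00:07 +0000] "GET /webui/view?t=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [31/Mar/2025:10:00:09 +0000] "GET /webui/view?q=%3Cb%3E&x=10 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, name, value in flag_requests(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} carries markup: {value!r}")
```

A hit is a lead for review, not proof of exploitation; values that are encoded more than once or sent in a POST body will not appear in these log fields.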
Affected Products
Fast Lta Silent Brick Webui