PT-2025-17432 · Unknown · Ova Connect Installer
Published: 2025-04-21 · Updated: 2025-04-21 · CVE-2025-3840
CVSS v4.0: 2.1 (Low)
Vector: AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
OVA Connect Installer (affected versions not specified)
Description
An improper neutralization of input issue was identified in the End of Life (EOL) OVA-based connect installer component. This component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the "login form" to inject malicious scripts, which would lead to a Cross-Site Scripting (XSS) attack under certain conditions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Ova Connect Installer