CVE-2025-6235

Name of the Vulnerable Software and Affected Versions ExtremeControl versions prior to 25.5.12

Description The application contains a cross-site scripting (XSS) issue in a login interface. This is due to improper handling of user-supplied input within HTML attributes, which allows an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.

Recommendations Update to version 25.5.12 or later.