PT-2025-38100 · Nec · Univerge Ix+1
Ryotak
·
Published
2025-09-17
·
Updated
2025-09-17
·
CVE-2025-8153
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
NEC Corporation UNIVERGE IX versions 9.5 through 10.7
NEC Corporation UNIVERGE IX versions 10.8.21 through 10.8.36
NEC Corporation UNIVERGE IX versions 10.9.11 through 10.9.24
NEC Corporation UNIVERGE IX versions 10.10.21 through 10.10.31
NEC Corporation UNIVERGE IX version 10.11.6
NEC Corporation UNIVERGE IX-R/IX-V versions 1.3.16 and 1.3.21
Description
A cross-site scripting issue exists in NEC Corporation UNIVERGE IX and UNIVERGE IX-R/IX-V. This allows an attacker to inject arbitrary scripts that may be executed in the user's browser.
Recommendations
Update NEC Corporation UNIVERGE IX to a version later than 10.7.
Update NEC Corporation UNIVERGE IX to a version later than 10.8.36.
Update NEC Corporation UNIVERGE IX to a version later than 10.9.24.
Update NEC Corporation UNIVERGE IX to a version later than 10.10.31.
Update NEC Corporation UNIVERGE IX to a version later than 10.11.6.
Update NEC Corporation UNIVERGE IX-R/IX-V to a version later than 1.3.21.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Univerge Ix
Univerge Ix-R/Ix-V