PT-2025-39033 · Unknown · Mesh Connect Js Sdk
Published 2025-09-22 · Updated 2025-09-22 · CVE-2025-59430
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Mesh Connect JS SDK versions prior to 3.3.2
Description
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. A lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This allows access to the parent page DOM, storage, session, and cookies. If an attacker can specify customIframeId, they can hijack the source of existing iframes.
Recommendations
Update to Mesh Connect JS SDK version 3.3.2 or later.
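For integrators who pass a link URL into an iframe themselves, the missing protocol check described above can be written as an allowlist on the parsed URL. This is an added example, not code from the SDK or its 3.3.2 fix; `validateLinkUrl`, `ALLOWED_ORIGINS` and the `link.example.com` origin are hypothetical names and constructed values.

```javascript
// Added example: validate a link URL before it is ever assigned to an iframe src.
// ALLOWED_ORIGINS holds a constructed placeholder; use the origin your integration expects.
const ALLOWED_ORIGINS = new Set(['https://link.example.com']);

function validateLinkUrl(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not-a-string' };
  let url;
  try {
    // No base argument: relative input throws instead of resolving against the page.
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  // The WHATWG parser lower-cases the scheme and drops leading whitespace and
  // embedded tabs/newlines, exactly as a browser does before navigating.
  // Compare the parsed protocol, never a prefix of the raw string.
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme:' + url.protocol };
  }
  // Reject userinfo, which can disguise the real host in "https://trusted@host/".
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  // Exact origin match: scheme + host + port, so look-alike suffixes fail.
  if (!ALLOWED_ORIGINS.has(url.origin)) return { ok: false, reason: 'origin' };
  // Return the normalized href so the caller uses what was validated.
  return { ok: true, href: url.href };
}

// Constructed sample inputs showing which values pass and why others fail.
const samples = [
  'https://link.example.com/session?id=abc',
  ' JavaScript:void(0)',
  'java\tscript:void(0)',
  'data:text/html,x',
  '/relative/path',
  'https://link.example.com.evil.test/',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '=>', JSON.stringify(validateLinkUrl(s)));
}
```

Assign only the returned `href` to the frame, and only to a frame the integration created itself rather than one looked up by a caller-supplied id.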
Exploit
Fix
XSS
Affected Products
Mesh Connect Js Sdk