PT-2025-42527 · D-Link · D-Link Nuclias Connect

Alex Williams · Published 2025-10-16 · Updated 2025-10-17 · CVE-2025-34253

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

D-Link Nuclias Connect versions 1.3.1.4 and earlier

Description

The software contains a stored cross-site scripting (XSS) issue because of insufficient input validation of the Network field during configuration editing, profile creation, and network addition. A user with network access can inject JavaScript code that will be executed when other users view the profile. The affected API endpoint is not specified. The vulnerable parameter is Network.

Recommendations

Update to a version of the software later than 1.3.1.4.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2025-13179
CVE-2025-34253

Affected Products

D-Link Nuclias Connect