PT-2025-4477 · Eric Mcniece · Emc2 Alert Boxes

0Xd4Rk5Id3

Published

2025-01-07

Updated

2025-01-08

CVE-2025-22365

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions EMC2 Alert Boxes versions n/a through 1.3

Description The issue affects Eric McNiece EMC2 Alert Boxes, allowing Stored XSS due to improper neutralization of input during web page generation. This enables attackers to inject malicious scripts into the application.

Recommendations For versions n/a through 1.3, update to a version that fixes the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-22365

Affected Products

Emc2 Alert Boxes

PT-2025-4477 · Eric Mcniece · Emc2 Alert Boxes

CVE-2025-22365

Weakness Enumeration

Related Identifiers

Affected Products

References · 6