PT-2025-44773 · Unknown · Water Management System

Published

2025-11-03

Updated

2025-11-10

CVE-2025-63446

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Water Management System version 1.0

Description Water Management System version 1.0 is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the /add vendor.php endpoint. The vulnerability allows for the injection of malicious scripts through this endpoint.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling or restricting access to the /add vendor.php endpoint until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-63446

Affected Products

Water Management System

PT-2025-44773 · Unknown · Water Management System

CVE-2025-63446

Weakness Enumeration

Related Identifiers

Affected Products

References · 5