PT-2025-47411 · Unknown · Mozart Fm Transmitter
Published: 2025-11-18 · Updated: 2025-12-06
CVE-2025-63229
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mozart FM Transmitter version WEBMOZZI-00287
Description
The Mozart FM Transmitter web management interface is susceptible to a reflected Cross-Site Scripting (XSS) issue. An attacker can inject a malicious JavaScript payload into the ?m= query parameter of the '/main0.php' endpoint. Successful exploitation allows the execution of arbitrary code within the victim’s browser, potentially leading to the theft of sensitive data, session hijacking, or unauthorized actions.
Recommendations
Apply input validation and output encoding to the ?m= query parameter in the '/main0.php' endpoint.
Exploit
Fix
XSS
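One way to apply the recommendation above (input validation plus output encoding on ?m=), as an added example that is not the vendor's code. The handler shape, the meaning of `m` (assumed to be a short display message), the allowlist policy and all function names are assumptions; it requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for how a page such as main0.php could treat ?m=.
// Assumption: m carries a short display message; the firmware's real code
// is not shown in this advisory.

const M_MAX_LEN = 64; // assumed upper bound for a display message

/** Input validation: accept only a short string from an allowlisted character set. */
function validate_m(mixed $raw): ?string
{
    // ?m[]=x reaches PHP as an array, so reject anything that is not a string.
    if (!is_string($raw) || $raw === '' || strlen($raw) > M_MAX_LEN) {
        return null;
    }
    // Allowlist (assumed policy): letters, digits, space and a few punctuation marks.
    return preg_match('/\A[A-Za-z0-9 .,_:-]+\z/', $raw) === 1 ? $raw : null;
}

/** Output encoding for HTML element content or a quoted attribute value. */
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate on input and still encode on output, so either control alone holds. */
function render_m(mixed $raw): string
{
    $m = validate_m($raw);
    return '<p class="msg">' . encode_html($m ?? 'Invalid request') . '</p>';
}

// Constructed sample inputs (not captured traffic): one valid value, one with
// markup characters, one array-typed value, one over the length limit.
$samples = ['Settings saved', '<b>test</b>', ['nested'], str_repeat('A', 200)];
foreach ($samples as $raw) {
    echo render_m($raw), PHP_EOL;
}

// Encoding alone, for a value that skipped validation: markup characters
// are emitted as entities and render as text instead of as elements.
echo encode_html('<b>test</b> "q"'), PHP_EOL;
```

`htmlspecialchars` with `ENT_QUOTES` covers HTML element content and quoted attribute values only; a value written into a script block, an unquoted attribute or a URL needs the encoding for that context.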
Affected Products
Mozart Fm Transmitter