CVE-2025-63735

Name of the Vulnerable Software and Affected Versions Ruckus Unleashed version 200.13.6.1.319

Description A reflected Cross Site Scripting (XSS) issue exists in Ruckus Unleashed. The issue is located in the captive-portal endpoint ''selfguestpass/guestAccessSubmit.jsp'' and is triggered through manipulation of the name parameter. This allows for the injection of malicious scripts.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize or restrict the input allowed for the name parameter in the ''selfguestpass/guestAccessSubmit.jsp'' endpoint.