CVE-2025-34259

Name of the Vulnerable Software and Affected Versions Advantech WISE-DeviceOn Server versions prior to 5.4

Description The software contains a stored cross-site scripting (XSS) issue in the /rmm/v1/devicemap/building API endpoint. An authenticated user creating a map entry allows an attacker to inject malicious script into the name parameter. This script is then executed in the browser context of users viewing or interacting with the affected map entry, potentially leading to session compromise and unauthorized actions. The vulnerable parameter is name.

Recommendations Update to version 5.4 or later.