CVE-2025-34262

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Advantech WISE-DeviceOn Server versions prior to 5.4

Description The software contains a stored cross-site scripting (XSS) issue in the /rmm/v1/devices/name/{agent id} API endpoint. An authenticated user renaming a device allows for the injection of malicious script via the new name value. This script is executed in the browser of users viewing or interacting with the affected device, potentially leading to session compromise and unauthorized actions.

Recommendations Update to a version prior to 5.4.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-34262

Affected Products

Wise-Deviceon Server

CVE-2025-34262

Weakness Enumeration

Related Identifiers

Affected Products

References · 7