CVE-2025-34263

Name of the Vulnerable Software and Affected Versions Advantech WISE-DeviceOn Server versions prior to 5.4

Description The software contains a stored cross-site scripting (XSS) issue in the /rmm/v1/plugin-config/dashboards/menus API endpoint. An attacker can inject malicious script into the label and path values when an authenticated user adds or edits a dashboard entry. These values are stored in plugin configuration data and rendered in the dashboard UI without proper HTML sanitation. This can lead to the execution of the script in a user's browser, potentially allowing session compromise and unauthorized actions.

Recommendations Update to version 5.4 or later.