CVE-2025-41745

Name of the Vulnerable Software and Affected Versions versions prior to 2025-41745

Description An XSS issue exists in the pxc portCntr2.php file. An unauthenticated remote attacker can manipulate an authenticated user into sending a crafted POST request to the device, potentially altering parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s scope and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.