CVE-2025-41746

Name of the Vulnerable Software and Affected Versions pxc portSecCfg.php (affected versions not specified)

Description An XSS vulnerability exists in the pxc portSecCfg.php file. An unauthenticated remote attacker can exploit this to manipulate an authenticated user into sending a crafted POST request to the device. This allows modification of parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s context and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The vulnerable file is pxc portSecCfg.php. The attack involves manipulating a POST request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.