CVE-2025-41747

Name of the Vulnerable Software and Affected Versions pxc vlanIntfCfg.php (affected versions not specified)

Description An XSS issue exists in pxc vlanIntfCfg.php. An unauthenticated remote attacker can manipulate an authenticated user into sending a crafted POST request to the device, potentially altering parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s context and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The vulnerable file is pxc vlanIntfCfg.php and the attack involves manipulating a POST request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.