CVE-2025-41748

Name of the Vulnerable Software and Affected Versions pxc Dot1xCfg.php (affected versions not specified)

Description An XSS issue exists in pxc Dot1xCfg.php that allows an unauthenticated remote attacker to potentially manipulate an authenticated user into clicking a malicious link. This could lead to changes in device configuration parameters accessible through the web-based management interface (WBM). The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.