CVE-2025-41750

Name of the Vulnerable Software and Affected Versions pxc PortCfg.php (affected versions not specified)

Description An XSS issue exists in the pxc PortCfg.php file. An unauthenticated remote attacker can potentially trick an authenticated user into clicking a malicious link, allowing the attacker to modify device configuration parameters accessible through the web-based management interface. The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The attack requires a user to click a link provided by the attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.