CVE-2025-13937

Medium CVSS: 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Vendor

Watchguard

Product

Fireware

CWE

CWE-79

Yayın Tarihi

2025-12-04 22:15:47

Güncelleme

2025-12-10 16:02:33

Source Identifier

5d1c2695-1a31-4499-88ae-e847036fd7e3

KEV Date Added

Kategoriler

CWE-79 Fireware MEDIUM Watchguard 2025

Referanslar

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022

Benzer Kayıtlar

Medium

CVE-2026-3343

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript…

Medium

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and…

High

CVE-2026-3342

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to ex…

Critical

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute ar…

Medium

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard…

Medium

CVE-2025-13939

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard…