CVE-2025-32984

Medium CVSS: 6.1

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.

Vendor

Product

CWE

Yayın Tarihi

2025-04-25 21:15:39

Güncelleme

2025-05-27 16:57:20

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Ngeniusone MEDIUM Netscout 2025

https://www.netscout.com/securityadvisories

High

CVE-2025-32981

NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.

High

CVE-2025-32982

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.

High

CVE-2025-32983

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.

Critical

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

High

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

Medium

CVE-2025-32979

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.