CVE-2025-34260 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an…
Medium CVSS: 5.1

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML sanitation. An attacker can inject malicious script into the schedule name, which is then executed in the browser context of users who view or interact with the affected schedule, potentially enabling session compromise and unauthorized actions as the victim.
Vendor
Advantech
Product
Wise-deviceon Server
CWE
CWE-79
Yayın Tarihi
2025-12-05 18:15:55
Güncelleme
2025-12-17 17:15:49
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Wise-deviceon Server MEDIUM Advantech 2025

Referanslar

https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn-20251208-2.pdf https://docs.deviceon.advantech.com/docs/resource/ https://www.vulncheck.com/advisories/advantech-wise-deviceon-server-authenticated-stored-xss-via-action-schedule