CVE-2025-60737

Medium CVSS: 6.1

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php component

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-79

Yayın Tarihi

2025-11-20 16:15:58

Güncelleme

2025-12-12 15:32:10

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Eve X1 Server Firmware MEDIUM Ilevia 2025

Referanslar

https://github.com/iSee857/ilevia-EVE-X1-Server-CSRF

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…

High

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product…