CVE-2025-6235

Medium CVSS: 5.3

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.

Vendor

Extremenetworks

Product

Extremecontrol

CWE

CWE-79

Yayın Tarihi

2025-07-21 14:15:29

Güncelleme

2026-01-14 18:17:50

Source Identifier

1c053176-eef3-4d6a-ae0b-24728c86587b

KEV Date Added

Kategoriler

CWE-79 Extremecontrol MEDIUM Extremenetworks 2025

Referanslar

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000128019

Benzer Kayıtlar

High

CVE-2025-11192

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on…

High

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure…

Medium

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id fi…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

High

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege esc…

Critical

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which ma…