CVE 6.3 MEDIUM

Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction()_CVE-2025-34237

November 6, 2025 invoker category_cve
6.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Description

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Basic Information

ID CVE-2025-34237
Source VulnCheck
Published Nov 6, 2025 at 19:40
Modified Nov 6, 2025 at 20:24

Affected Product

Vendor Advantech
Product WebAccess/VPN
Affected Versions Advantech WebAccess/VPN 0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.