XSS Vulnerability in GigaVue-FM

CVE Details

Basic Information

Title XSS Vulnerability in GigaVue-FM
Type cve
Published 2023-03-10T00:00:00.000Z
Modified 2025-02-27T19:03:17.762Z

Product Information

Vendor Gigamon
Product GigaVUE-FM
Version GigaVUE-OS 5.0 202 5.0 202

CVSS Information

Base Score 6.3 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Analysis

AI Description A reflected Cross-Site Scripting (XSS) vulnerability exists in the help page of GigaVUE-FM. This allows attackers to inject malicious JavaScript via the URI without authentication, potentially hijacking user sessions or stealing data.
AI Severity Medium
AI Vendor Gigamon
AI Product GigaVUE-FM
AI Version GigaVUE-OS 5.0 202 5.0 202

Affected Products

  • Gigamon GigaVUE-FM GigaVUE-OS 5.0 202 5.0 202

Additional Information

CWE List CWE-79
Source INCIBE

Description

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could force a user into inserting malicious JavaScript code into the URI, which could lead to reflected cross-site scripting (XSS).
