Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
Type cve
Published 2025-07-21T09:31:25.796Z
Modified 2025-07-21T09:31:25.796Z

Product Information

Vendor MB connect line
Product mbNET.mini
Version 0.0.0

CVSS Information

Base Score 4.8 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Analysis

AI Description A high-privileged remote attacker can exploit this vulnerability to perform persistent cross-site scripting (XSS) attacks through improperly neutralized input in POST requests. This could allow attackers to inject malicious scripts into dynamic content, potentially affecting user sessions and data integrity. The vulnerability is considered medium severity due to its impact on user interaction and data integrity.
AI Severity Medium
AI Vendor MB connect line
AI Product mbNET.mini
AI Version 0.0.0

Affected Products

  • MB connect line mbNET.mini 0.0.0
  • Helmholz REX 100 0.0.0

Additional Information

CWE List CWE-79
Source CERTVDE

Description

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.