{"id":29532,"date":"2025-12-09T12:28:17","date_gmt":"2025-12-09T12:28:17","guid":{"rendered":"http:\/\/localhost\/?p=29532"},"modified":"2025-12-09T12:28:17","modified_gmt":"2025-12-09T12:28:17","slug":"reflected-xss-vulnerability-in-pxcportsfpphp","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=29532","title":{"rendered":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752"},"content":{"rendered":"

{“lastseen”:””,”description”:”An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.”,”published”:”2025-12-09T08:07:03.244Z”,”modified”:”2025-12-09T08:07:03.244Z”,”type”:”cve”,”title”:”Reflected XSS vulnerability in pxc_portSfp.php”,”source”:”CERTVDE”,”references”:”https:\/\/certvde.com\/en\/advisories\/VDE-2025-071\/”,”id”:”CVE-2025-41752″,”bulletinFamily”:””,”cwe”:[“CWE-79″],”cvelist”:null,”sourceData”:”Phoenix Contact FL SWITCH 2005 0.0.0\\nPhoenix Contact FL SWITCH 2008 0.0.0\\nPhoenix Contact FL SWITCH 2016 0.0.0\\nPhoenix Contact FL SWITCH 2105 0.0.0\\nPhoenix Contact FL SWITCH 2108 0.0.0\\nPhoenix Contact FL SWITCH 2116 0.0.0\\nPhoenix Contact FL SWITCH 2204-2TC-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2205 0.0.0\\nPhoenix Contact FL SWITCH 2206-2FX 0.0.0\\nPhoenix Contact FL SWITCH 2206-2FX SM 0.0.0\\nPhoenix Contact FL SWITCH 2206-2FX SM ST 0.0.0\\nPhoenix Contact FL SWITCH 2206-2FX ST 0.0.0\\nPhoenix Contact FL SWITCH 2206-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2206-2SFX PN 0.0.0\\nPhoenix Contact FL SWITCH 2206C-2FX 0.0.0\\nPhoenix Contact FL SWITCH 2207-FX 0.0.0\\nPhoenix Contact FL SWITCH 2207-FX SM 0.0.0\\nPhoenix Contact FL SWITCH 2208 0.0.0\\nPhoenix Contact FL SWITCH 2208 PN 0.0.0\\nPhoenix Contact FL SWITCH 2208C 0.0.0\\nPhoenix Contact FL SWITCH 2212-2TC-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2214-2FX 0.0.0\\nPhoenix Contact FL SWITCH 2214-2FX SM 0.0.0\\nPhoenix Contact FL SWITCH 2214-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2214-2SFX PN 0.0.0\\nPhoenix Contact FL SWITCH 2216 0.0.0\\nPhoenix Contact FL SWITCH 2216 PN 0.0.0\\nPhoenix Contact FL SWITCH 2304-2GC-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2306-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2306-2SFP PN 0.0.0\\nPhoenix Contact FL SWITCH 2308 0.0.0\\nPhoenix Contact FL SWITCH 2308 PN 0.0.0\\nPhoenix Contact FL SWITCH 2312-2GC-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2314-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2314-2SFP PN 0.0.0\\nPhoenix Contact FL SWITCH 2316 0.0.0\\nPhoenix Contact FL SWITCH 2316 PN 0.0.0\\nPhoenix Contact FL SWITCH 2404-2TC-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2406-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2406-2SFX PN 0.0.0\\nPhoenix Contact FL SWITCH 2408 0.0.0\\nPhoenix Contact FL SWITCH 2408 PN 0.0.0\\nPhoenix Contact FL SWITCH 2412-2TC-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2414-2SFX 0.0.0\\nPhoenix Contact FL SWITCH 2414-2SFX PN 0.0.0\\nPhoenix Contact FL SWITCH 2416 0.0.0\\nPhoenix Contact FL SWITCH 2416 PN 0.0.0\\nPhoenix Contact FL SWITCH 2504-2GC-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2506-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2506-2SFP PN 0.0.0\\nPhoenix Contact FL SWITCH 2508 0.0.0\\nPhoenix Contact FL SWITCH 2508 PN 0.0.0\\nPhoenix Contact FL SWITCH 2512-2GC-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2514-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2514-2SFP PN 0.0.0\\nPhoenix Contact FL SWITCH 2516 0.0.0\\nPhoenix Contact FL SWITCH 2516 PN 0.0.0\\nPhoenix Contact FL SWITCH 2608 0.0.0\\nPhoenix Contact FL SWITCH 2608 PN 0.0.0\\nPhoenix Contact FL SWITCH 2708 0.0.0\\nPhoenix Contact FL SWITCH 2708 PN 0.0.0\\nPhoenix Contact FL SWITCH 2303-8SP1 0.0.0\\nPhoenix Contact FL NAT 2008 0.0.0\\nPhoenix Contact FL NAT 2208 0.0.0\\nPhoenix Contact FL NAT 2304-2GC-2SFP 0.0.0\\nPhoenix Contact FL SWITCH 2008F 0.0.0\\nPhoenix Contact FL SWITCH 2316\/K1 0.0.0\\nPhoenix Contact FL SWITCH 2506-2SFP\/K1 0.0.0\\nPhoenix Contact FL SWITCH 2508\/K1 0.0.0″,”sourceHref”:””,”cvss”:{“score”:7.1,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”FL SWITCH 2005″,”version”:”0.0.0″,”vendor”:”Phoenix Contact”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,50,12,15,13,7,11,5],"class_list":["post-29532","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-71","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nReflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=29532\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=29532\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-09T12:28:17+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752\",\"datePublished\":\"2025-12-09T12:28:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532\"},\"wordCount\":608,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.1\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29532#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532\",\"name\":\"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-09T12:28:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29532\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29532#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=29532","og_locale":"en_US","og_type":"article","og_title":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem","og_description":"{“lastseen”:””,”description”:”An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by...","og_url":"https:\/\/zero.redgem.net\/?p=29532","og_site_name":"zero redgem","article_published_time":"2025-12-09T12:28:17+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=29532#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=29532"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752","datePublished":"2025-12-09T12:28:17+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=29532"},"wordCount":608,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.1","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=29532#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=29532","url":"https:\/\/zero.redgem.net\/?p=29532","name":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-09T12:28:17+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=29532#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=29532"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=29532#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Reflected XSS vulnerability in pxc_portSfp.php_CVE-2025-41752"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=29532"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29532\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=29532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=29532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=29532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}