CNNVD-202512-1500 Information
Dec 09, 2025
cve
CNNVD ID
CNNVD-202512-1500
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
PHOENIX CONTACT FL SWITCH是德国菲尼克斯电气(PHOENIX CONTACT)公司的一款工业级以太网交换机。 PHOENIX CONTACT FL SWITCH 3.50之前版本存在跨站脚本漏洞,该漏洞源于未经验证的远程攻击者可利用跨站脚本攻击诱骗已验证用户点击恶意链接,可能导致设备配置参数被修改。
Description (English)
PHOENIX CONTATT FL SWITCH is an industrial Ethernet switchboard of PHOENIX CONTACT, Germany. The pre-PHOENIX CONTATT FL SWITCH 3.50 version has a cross-site script loophole, which stems from the fact that uncertified remote assailants can use the cross-site script attack to lure proven users to click on malicious links, which may lead to the modification of equipment configuration parameters.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
菲尼克斯电气
Published
2025-12-09
Last Modified
2026-02-24
References
https://certvde.com/en/advisories/VDE-2025-071/
Patch
https://www.phoenixcontact.com/en-us/company/phoenix-contact-group
Share on: