CNNVD-202512-1501 Information
Dec 09, 2025
cve
CNNVD ID
CNNVD-202512-1501
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
PHOENIX CONTACT FL SWITCH是德国菲尼克斯电气(PHOENIX CONTACT)公司的一款工业级以太网交换机。 Phoenix Contact FL SWITCH 3.50之前版本存在跨站脚本漏洞,该漏洞源于未经验证的远程攻击者可利用跨站脚本攻击诱骗已验证用户点击恶意链接,可能导致设备配置参数被修改。
Description (English)
PHOENIX CONTATT FL SWITCH is an industrial Ethernet switchboard of PHOENIX CONTACT, Germany. Phoenix Contact FL SWITCH 3.50, prior to the version, had a cross-site script loophole, which stemmed from unverified remote assailants who could use the cross-site script attack to seduce a proven user by clicking on a malicious link, which could lead to the modification of equipment configuration parameters.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
菲尼克斯电气
Published
2025-12-09
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-071
Patch
https://www.phoenixcontact.com/en-us/company/phoenix-contact-group
Share on: