CNNVD-202512-620 Information
CNNVD ID
CNNVD-202512-620
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Advantech WISE-DeviceOn Server是中国台湾研华(Advantech)公司的一个物联网设备管理平台软件。 Advantech WISE-DeviceOn Server 5.4之前版本存在跨站脚本漏洞,该漏洞源于/rmm/v1/dog/{agentId}端点未清理HTML,可能导致存储型跨站脚本攻击。
Description (English)
Advantech Weste-DeviceOn Server is a software for the management of a networked equipment platform at Advantech. A pre-Advantech Wise-DeviceOn Server 5.4 has a cross-site script loophole, which originates in/rmm/v1/dog/{agentId} endpoints that have not been cleared of HTML, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
研华
Published
2025-12-05
Last Modified
2026-02-24
References
https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY—-DeviceOn.pdf https://docs.deviceon.advantech.com/docs/resource/ https://www.vulncheck.com/advisories/advantech-wise-deviceon-server-authenticated-stored-xss-via-dog-agentid https://access.redhat.com/security/cve/cve-2025-34264
Patch
https://docs.deviceon.advantech.com/docs/resource/
Share on: