CVE-2025-6235 Information

Description

In ExtremeControl before 25.5.12 a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes allowing an attacker to inject script code that may execute in a user’s browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.

Reference

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000128019

Related CNNVD

CNNVD-202507-2643 (Published: 2025-07-21)