CVE-2025-7746 MEDIUM

Published: 2025-09-09 | Last Modified: 2026-04-15 | Status: Deferred

Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	PASSIVE
Vulnerability Confidentiality	NONE
Vulnerability Integrity	NONE
Vulnerability Availability	NONE
Subsequent Confidentiality	LOW
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-79

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf
Source: [email protected]
http://seclists.org/fulldisclosure/2025/Sep/69
Source: af854a3a-2127-422b-91ae-364da2661108