CVE-2025-52378 | Nexxt NCM-X1800 up to 1.2.7 Device Management Page um_device_set_aliasname DEVICE_ALIAS cross site scripting (EUVD-2025-21440)

Inserito da Angelo Barbosa | Lug 15, 2025 | CVE

A vulnerability, which was classified as problematic, was found in Nexxt NCM-X1800 up to 1.2.7. Affected is an unknown function of the file /web/um_device_set_aliasname of the component Device Management Page. The manipulation of the argument DEVICE_ALIAS leads to cross site scripting.

This vulnerability is traded as CVE-2025-52378. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-52378 | Nexxt NCM-X1800 up to 1.2.7 Device Management Page um_device_set_aliasname DEVICE_ALIAS cross site scripting (EUVD-2025-21440)

Post correlati

CVE-2024-46648 | eNMS 4.4.0/4.7.1 scan_folder path traversal

CVE-2024-40766 | SonicWALL SonicOS up to 5.9.2.14-12o/6.5.4.14-109n/7.0.1-5035 Management access control (SNWLID-2024-0015)

CVE-2024-8928 | PHP up to 8.1.29/8.2.23/8.3.11 Multipart Form Data Parser improper validation of syntactic correctness of input

CVE-2024-7153 | Netgear WN604 up to 20240719 siteSurvey.php direct request