CVE-2025-5505 | TOTOLINK A3002RU 2.1.1-B20230720.1011 Virtual Server Page /boafrm/formPortFw service_type cross site scripting

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting.

The identification of this vulnerability is CVE-2025-5505. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5505 | TOTOLINK A3002RU 2.1.1-B20230720.1011 Virtual Server Page /boafrm/formPortFw service_type cross site scripting

Post correlati

CVE-2018-9382 | Google Android Wi-Fi Hotspot WifiServiceImpl.java permission

CVE-2024-6963 | Tenda O3 1.0.0.10 formexeCommand cmdinput stack-based overflow

CVE-2024-24783 | crypto-x509 up to 1.21.7/1.22.0 on Go Certificate Chain crypto/tls null pointer dereference

CVE-2024-7786 | Sensei LMS Plugin up to 4.24.1 on WordPress Email Template information disclosure