MEDIUM🇬🇧 English

CVE-2025-49185

CVSS 5.5v3.1pub. 2025-06-12upd. 2026-01-29

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
  • Sick Field Analytics

    APP
    Sick
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-49199HIGH8.8ten sam produkt

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a ...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-49187MEDIUM5.3ten sam produkt

For failed login attempts, the application returns different error messages depending on whether the login fai...

CVE-2025-49190MEDIUM4.3ten sam produkt

The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server in...

CVE-2025-49188MEDIUM5.3ten sam produkt

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to infor...