CVE-2025-27448

Summary

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.

Affected Software

VendorProductVersion RangeStatus
Endress+HauserEndress+Hauser MEAC300-FNADE40 <= <=0.16.0affected
Endress+HauserEndress+Hauser MEAC300-FNADE4>=0.17.0unaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References