CVE-2025-66258
7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N
Summary
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml.
User-controlled filenames are directly concatenated into patchlist.xml without encoding, allowing injection of malicious JavaScript payloads via crafted filenames (e.g., <img src=x onerror=alert()>.bin). The XSS executes when ajax.js processes and renders the XML file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 30 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 50 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 100 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 300 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 1000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 2000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 6000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 7000 | affected |
Weaknesses
- CWE-79: CWE-79 Stored Cross-Site Scripting via XML Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.