CVE-2025-8153

Summary

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows a attacker to inject an arbitrary scripts may be executed on the user's browser.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationUNIVERGE IXfrom Ver.9.5 to Ver.10.7affected
NEC CorporationUNIVERGE IXfrom Ver.10.8.21 to Ver.10.8.36affected
NEC CorporationUNIVERGE IXfrom Ver.10.9.11 to Ver.10.9.24affected
NEC CorporationUNIVERGE IXfrom Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6affected
NEC CorporationUNIVERGE IX-R/IX-VVer1.3.16, Ver1.3.21affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References