CVE-2025-2865

LOW Year: 2025
Weakness Type
CWE-942
View all →

Vulnerability Description

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Related Vulnerabilities

CVE-2021-27786

CRITICAL
CVSS:9.8(Critical)

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r...

CWE-9422021

CVE-2022-26969

CRITICAL
CVSS:9.8(Critical)

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

CWE-9422022

CVE-2022-31736

CRITICAL
CVSS:9.8(Critical)

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CWE-9422022

CVE-2023-50940

CRITICAL
CVSS:9.8(Critical)

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being...

CWE-9422023

CVE-2024-37131

CRITICAL
CVSS:9.8(Critical)

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leadi...

CWE-9422024

CVE-2023-25603

CRITICAL
CVSS:9.1(Critical)

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privil...

CWE-9422023