CVE-2025-13936
published 2025-12-04
CVE-2025-13936: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology…
Priority: P4 · 28 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.15% (4.6th percentile)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| watchguard | fireware | >= 12.0.0 < 12.11.5 | 12.11.5 |
| watchguard | fireware | >= 12.5 < 12.5.14 | 12.5.14 |
| watchguard | fireware | >= 2025.1 < 2025.1.3 | 2025.1.3 |
| watchguard | fireware_os | 12.4 – 12.11.4 | — |
| watchguard | fireware_os | 12.5 – 12.5.13 | — |
| watchguard | fireware_os | 2025.1 – 2025.1.2 | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v4.0 · 4.8 · MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_oracle · 8.8 · HIGH
GHSA
GHSA-q8vw-65qc-j457: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technolo
ghsa_unreviewed·2025-12-05
CVE-2025-13936 [MEDIUM] CWE-79 GHSA-q8vw-65qc-j457: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technolo
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Oracle
Oracle Oracle GoldenGate Risk Matrix: GoldenGate Studio (Apache Velocity Engine) — CVE-2020-13936
vendor_oracle·2025-07-15·CVSS 7.3
CVE-2020-13936 [HIGH] Oracle Oracle GoldenGate Risk Matrix: GoldenGate Studio (Apache Velocity Engine) — CVE-2020-13936
Oracle Oracle GoldenGate Risk Matrix: GoldenGate Studio (Apache Velocity Engine) vulnerability
CVE: CVE-2020-13936
CVSS: 7.3
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpujul2025 (JUL 2025)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Apache Velocity Engine) — CVE-2020-13936
vendor_oracle·2025-04-15·CVSS 8.8
CVE-2020-13936 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Apache Velocity Engine) — CVE-2020-13936
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Apache Velocity Engine) vulnerability
CVE: CVE-2020-13936
CVSS: 8.8
Protocol: Multiple
Remote exploit: No
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-04
Published