CVE-2025-1679 — Cross-site Scripting in Tn-4500a Series

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 84.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Tn-4500a Series Moxa Tn-5500a Series Moxa Tn-g4500 Series +1 more

Timeline

PublishedOct 23

Description

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availab…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages4 packages

▶CVEListV5moxa/tn-4500a_series1.0 — 3.13

▶CVEListV5moxa/tn-5500a_series1.0 — 3.13

▶CVEListV5moxa/tn-g4500_series1.0 — 5.5

▶CVEListV5moxa/tn-g6500_series1.0 — 5.5

🔴Vulnerability Details

CVEList

CVE-2025-1679: Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious script↗2025-10-23

▶

GHSA

GHSA-pfrw-8vrh-4v8w: Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious script↗2025-10-23

▶