CVE-2025-41750 — Cross-site Scripting in Contact FL NAT 2008
Severity
7.1HIGHNVD
EPSS
0.2%
top 58.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 9
Latest updateDec 18
Description
An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7
Affected Packages138 packages
🔴Vulnerability Details
2🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Phoenix Contact pxc_PortCfg.php port Parameter Cross Site Scripting Attempt (CVE-2025-41750)↗2025-12-18