CVE-2025-5543

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 58.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X2000rTotolink X2000r Firmware
Timeline
PublishedJun 3
Latest updateJun 4

Description

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/x2000r1.0.0-B20230726.1108
NVDtotolink/x2000r_firmware1.0.0-b20230726.1108

🔴Vulnerability Details

2
GHSA
GHSA-9xf4-53cr-j936: A vulnerability was found in TOTOLINK X2000R 12025-06-04
CVEList
TOTOLINK X2000R Parent Controls Page cross site scripting2025-06-03
CVE-2025-5543 (MEDIUM CVSS 4.8) | A vulnerability was found in TOTOLI | cvebase.io