CVE-2025-8153

CWE-79Cross-site Scripting (XSS)CWE-1314 documents4 sources
Severity
5.1MEDIUM
EPSS
0.1%
top 81.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NEC Corporation Univerge IXNEC Corporation Univerge Ix-r/ix-v
Timeline
PublishedSep 17

Description

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows a attacker to inject an arbitrary scripts may be executed on the user's browser.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

CVEListV5nec_corporation/univerge_ix4 versions+3
CVEListV5nec_corporation/univerge_ix-r/ix-vVer1.3.16, Ver1.3.21

🔴Vulnerability Details

2
GHSA
GHSA-4f4p-9vfr-w7m4: Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver2025-09-17
CVEList
CVE-2025-8153: Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver2025-09-17
CVE-2025-8153 (MEDIUM CVSS 5.1) | Cross-site Scripting vulnerability | cvebase.io