CVE-2026-32963
published 2026-04-20CVE-2026-32963: SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device…
PriorityP425medium5.1CVSS 4.0
AVNACLATNPRNUIAVCNVINVANSCLSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.16%
5.7th percentile
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silex_technology_inc | amc_manager | — | — |
| silex_technology_inc | sd-330ac | — | — |
| silextechnology | amc_manager | < 5.1.0 | 5.1.0 |
| silextechnology | sd-330ac_firmware | < 1.50 | 1.50 |
CVSS provenance
nvdv4.05.1MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v94v-gwmf-jhq8: SD-330AC and AMC Manager provided by silex technology, Inc
ghsa_unreviewed·2026-04-20
CVE-2026-32963 [MEDIUM] CWE-79 GHSA-v94v-gwmf-jhq8: SD-330AC and AMC Manager provided by silex technology, Inc
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
VulDB
silex SD-330AC/AMC Manager Web cross site scripting
vuldb·2026-04-20·CVSS 5.1
CVE-2026-32963 [MEDIUM] silex SD-330AC/AMC Manager Web cross site scripting
A vulnerability was found in silex SD-330AC and AMC Manager. It has been classified as problematic. This impacts an unknown function of the component Web Handler. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2026-32963. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
No detection rules found.
No public exploits indexed.
2026-04-20
Published