EUVD-2025-15093

ID: EUVD-2025-15093

Severity: low

CVSS v4: 2.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Timestamps

Normalized: 2025-12-31T11:32:31Z UTC
Last updated: 2025-12-31T11:31:06Z UTC

References

No references provided.

VulnAI

EUVD-2025-15093

Description

Timestamps

References