EUVD-2025-15094
ID: EUVD-2025-15094
Severity: low
CVSS v4: 2.0 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N)
CVSS v3: Not provided
CWE: None listed
Source: ENISA
Description
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).
Timestamps
- Normalized:
- Last updated:
References
No references provided.