CVE-2025-37109 — Cross-site scripting vulnerability has been identified in HPE Telco Service Acti... | CVE Daily

Low CVSS 3.5

Overview

Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product

CWE: CWE-79 Published: 2025-07-31T20:15:32.520

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.5 (LOW)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags

Cross-site Scripting (XSS)