CVE-2025-41442

Medium CVSS 5.4

Overview

A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating certain input parameters, an attacker could execute
unauthorized scripts in the user's browser, potentially leading to
information disclosure or other malicious activities.

CWE: CWE-79 Published: 2025-07-11T00:15:24.347

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.4 (MEDIUM)
Detected tags: info_leak, xss (tag impact: MODERATE)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags