CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user.
References
Link Resource
https://jvn.jp/en/jp/JVN51394666/ Third Party Advisory
https://www.uchida.co.jp/wivia/support02.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:uchida:wivia_5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:uchida:wivia_5:-:*:*:*:*:*:*:*

History

04 Jun 2025, 19:58

Type Values Removed Values Added
First Time Uchida
Uchida wivia 5 Firmware
Uchida wivia 5
References () https://jvn.jp/en/jp/JVN51394666/ - () https://jvn.jp/en/jp/JVN51394666/ - Third Party Advisory
References () https://www.uchida.co.jp/wivia/support02.html - () https://www.uchida.co.jp/wivia/support02.html - Vendor Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1
CPE cpe:2.3:h:uchida:wivia_5:-:*:*:*:*:*:*:*
cpe:2.3:o:uchida:wivia_5_firmware:*:*:*:*:*:*:*:*

30 May 2025, 16:31

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de cross-site scripting en todas las versiones de Wivia 5. Si se explota, cuando un usuario se conecta al dispositivo afectado mediante una operación específica, se puede ejecutar un script arbitrario en el navegador web del moderador.

30 May 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-30 07:15

Updated : 2025-06-04 19:58


NVD link : CVE-2025-41406

Mitre link : CVE-2025-41406

CVE.ORG link : CVE-2025-41406


JSON object : View

Products Affected

uchida

  • wivia_5_firmware
  • wivia_5
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')