ExtremeControl Cross-Site Scripting Vulnerability in Login Interface

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in ExtremeControl versions prior to 25.5.12. The issue arises in the login interface, where user input is not properly sanitized before being inserted into HTML attributes. This flaw allows attackers to inject script code that could execute in the context of the user's browser under certain conditions. Exploitation of this vulnerability could result in the unauthorized exposure of user data or the execution of unintended actions within the browser.
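
The flaw class described above (input placed into an HTML attribute without encoding), shown as an added example that is not ExtremeControl's code and not part of the original advisory: a Python regression check that renders a login field both ways and uses the standard-library HTML parser to detect whether the input escaped its attribute. The `username` field, the template and the sample input are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical login-field template (assumption; not ExtremeControl's markup).
EXPECTED_ATTRS = {"type", "name", "value"}


def render_unsafe(username: str) -> str:
    """'Before' form: raw input concatenated into a quoted attribute."""
    return '<input type="text" name="username" value="' + username + '">'


def render_safe(username: str) -> str:
    """Hardened form: encode &, <, >, " and ' for the attribute context."""
    return ('<input type="text" name="username" value="'
            + escape(username, quote=True) + '">')


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag as the parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attrs(markup: str) -> dict:
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def breaks_out(markup: str, original: str) -> bool:
    """True if the input created extra attributes or the value did not round-trip."""
    attrs = parsed_attrs(markup)
    return set(attrs) != EXPECTED_ATTRS or attrs.get("value") != original


# Constructed sample: a double quote closes the attribute and adds a harmless
# marker attribute, which is enough to show the attribute boundary was crossed.
SAMPLE = 'guest" data-injected="1'
```

A check like `breaks_out` can run in a test suite against every template that reflects request data into an attribute, so a regression in encoding fails the build instead of reaching production.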

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's session.

Added: Jul 21, 2025, 2:26 PM
Updated: Jul 21, 2025, 2:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.