CVE-2025-7746
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-11-03
Assigner: Schneider Electric SE
Description
Description
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | atv9a0 | * |
| schneider_electric | atv650 | * |
| schneider_electric | atv991 | * |
| schneider_electric | atv6000 | * |
| schneider_electric | atv992 | * |
| schneider_electric | ats490 | * |
| schneider_electric | atv960 | * |
| schneider_electric | atv980 | * |
| schneider_electric | atvdpac_module | * |
| schneider_electric | atv950 | * |
| schneider_electric | atv340e | * |
| schneider_electric | atv9l0 | * |
| schneider_electric | vw3a3720 | * |
| schneider_electric | atv660 | * |
| schneider_electric | atv9b0 | * |
| schneider_electric | atv993 | * |
| schneider_electric | atv630 | * |
| schneider_electric | atv930 | * |
| schneider_electric | atv680 | * |
| schneider_electric | ilc992 | * |
| schneider_electric | vw3a3721 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-site Scripting (XSS) issue where improper neutralization of input during web page generation allows unvalidated data injected by a malicious user to potentially modify or read data in a victim's browser.
How can this vulnerability impact me? :
This vulnerability can allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized reading or modification of data in the victim's browser, which can compromise user data and session integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70