CVE-2025-9913
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-06
Assigner: SICK AG
Description
Description
JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | sick_enterprise_analytics | * |
| sick | sick_logistic_analytics | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows JavaScript code to be executed inside the browser's address bar through the dashboard's "Open in new Tab" button. This behavior makes the application susceptible to session hijacking attacks.
How can this vulnerability impact me? :
The vulnerability can lead to session hijacking, where an attacker could potentially take over a user's session, gaining unauthorized access to their account or sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70