CVE-2026-6059
Received
Received - Intake
Cross-Site Scripting in Aterm Web Management Interface
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: NEC Corporation
Description
Description
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nec | aterm | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue found in Aterm devices. It allows an attacker to execute arbitrary scripts in the web browser of a user who accesses the device's web management interface from an adjacent network.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can run malicious scripts in the context of the user's browser when they access the web management interface. This can lead to unauthorized actions, data theft, or session hijacking for users managing the device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70