CVE-2025-14773
Cross-Site Scripting in ABB T-MAC Plus
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abb | t-mac_plus | to 24 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in ABB T-MAC Plus version 4.0-24. It occurs because the software improperly neutralizes input during web page generation, allowing malicious scripts to be injected and executed in the context of the affected web application.
How can this vulnerability impact me?
The vulnerability can have a severe impact as it allows attackers to execute arbitrary scripts in the user's browser, potentially leading to unauthorized access, data theft, or manipulation. According to the CVSS v3.1 score of 8.0, it has high confidentiality, integrity, and availability impacts, meaning it can compromise sensitive information, alter data, and disrupt services.