CVE-2025-1613 MEDIUM

CVE-2025-1613: FiberHome AN5506-01A ONU GPON URL Filtering Submenu URL_filterCfg cross site scripting

Vendor Fiberhome
Product AN5506-01A ONU GPON
Weakness CWE-79 · XSS
Published February 24, 2025
Last update February 24, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL Filtering Submenu. The manipulation of the argument url_IP leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 24, 2025 CVE published
February 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-26053 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-13648 Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-38198 BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server CVE-2025-9876 Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-47547 WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)