CVE-2025-49185 MEDIUM

CVE-2025-49185: Stored Cross-Site-Script

Vendor Sick Ag

Product SICK Field Analytics

Weakness CWE-79 · XSS

Published June 12, 2025

Last update June 12, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

Key dates

02Disclosure timeline

June 12, 2025 CVE published

June 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-49185 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-10756 PHPGurukul Online Shopping Portal html_table.php cross site scripting CVE-2021-25040 Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting CVE-2021-42548 reflected XSS in search functionality of WP Cloud Plugins - Share-one-Drive CVE-2025-4054 Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting