CVE-2025-5508 MEDIUM

CVE-2025-5508: TOTOLINK A3002RU IP Port Filtering Page cross site scripting

Vendor Totolink
Product A3002RU
Weakness CWE-79 · XSS
Published June 3, 2025
Last update June 3, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 3, 2025 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-49842 WordPress Rocket Maintenance Mode & Coming Soon Page Plugin <= 4.3 is vulnerable to Cross Site Scripting (XSS) CVE-2022-4966 sequentech admin-console Election Description cross site scripting CVE-2026-25484 Craft Commerce has Stored XSS in Product Type Name CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-47231 WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)