CVE-2025-5742 MEDIUM

CVE-2025-5742

Vendor Schneider Electric
Product EVLink WallBox
Weakness CWE-79 · XSS
Published June 10, 2025
Last update June 10, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2765 Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2025-24578 WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability CVE-2022-20659 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability CVE-2024-29106 WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability