CVE-2026-32963 MEDIUM

CVE-2026-32963

Vendor Silex Technology, Inc.

Product SD-330AC

Weakness CWE-79 · XSS

Published April 20, 2026

Last update April 20, 2026

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.

Key dates

02Disclosure timeline

April 20, 2026 CVE published

April 20, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-32963 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-6815 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2433 YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-42476 Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence CVE-2023-3970 GZ Scripts Availability Booking Calendar PHP Image cross site scripting CVE-2026-5721 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import

Identifiers

CVE CVE-2026-32963

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Silex Technology, Inc.

Product SD-330AC

Affected Ver.1.42 and earlier

Vendor Silex Technology, Inc.

Product AMC Manager

Affected Ver.5.0.2 and earlier