Metrics
Affected Vendors & Products
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 17 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 16 Oct 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development. | |
Title | D-Link Nuclias Connect <= v1.3.1.4 Stored Cross-Site Scripting (XSS) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-10-17T14:28:40.054Z
Reserved: 2025-04-15T19:15:22.578Z
Link: CVE-2025-34253

Updated: 2025-10-17T14:28:37.574Z

Status : Received
Published: 2025-10-16T19:15:32.620
Modified: 2025-10-16T19:15:32.620
Link: CVE-2025-34253

No data.

No data.