This issue affects Fireware OS: from 12.0 through 12.11.1.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-15550 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. |
Sat, 17 May 2025 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 16 May 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. | |
| Title | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: WatchGuard
Published:
Updated: 2025-05-17T02:28:29.225Z
Reserved: 2025-05-16T00:27:06.016Z
Link: CVE-2025-4804
Updated: 2025-05-17T02:28:25.365Z
Status : Deferred
Published: 2025-05-16T21:15:35.350
Modified: 2026-06-17T09:34:02.910
Link: CVE-2025-4804
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD