Description
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and accesses a crafted web page, arbitrary script may be executed in the user's browser.
Published: 2026-04-20
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: Reflected Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a reflected cross‑site scripting flaw that allows arbitrary JavaScript to run in a logged‑in user's browser when they visit a specially crafted page. The description does not specify additional consequences beyond the execution of that script in the browser context.

Affected Systems

The flaw exists in the SD‑330AC and AMC Manager appliances from silex technology, Inc. No specific vulnerable version ranges are publicly disclosed, so all deployed units should be considered at risk until a vendor patch is applied.

Risk and Exploitability

The CVSS v4.0 score of 5.1 indicates moderate severity. The EPSS score is not available, so the current probability of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need a legitimate user who is logged in to the device to load a crafted URL; once loaded, the injected script runs in the context of that user's browser, exploiting trust in the device's UI.

Generated by OpenCVE AI on April 20, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update for the SD‑330AC and AMC Manager devices as published by silex technology, Inc. (reference report https://www.silex.jp/support/security-advisories/2026-001).
  • If immediate update is not possible, configure the devices’ web interface to enforce a strict Content‑Security‑Policy that disallows inline scripts and restricts script sources to trusted origins.
  • Implement input sanitization on any user‑generated content displayed by the device, ensuring that output is properly escaped for HTML contexts to eliminate reflected script payloads.
  • Consider disabling or limiting the affected functions that render user input until the patch is applied.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 06:15:00 +0000

Type | Values Removed | Values Added
Title | | Reflected Cross‑Site Scripting via Crafted Web Pages

Mon, 20 Apr 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and accesses a crafted web page, arbitrary script may be executed in the user's browser.
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_0: {'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-20T03:18:07.431Z

Reserved: 2026-03-17T00:23:24.981Z

Link: CVE-2026-32963

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-20T04:16:44.987

Modified: 2026-04-20T04:16:44.987

Link: CVE-2026-32963

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T06:00:08Z

Weaknesses