← volver
CVE-2025-1175

Cross-Site Scripting (XSS) vulnerability in Kelio Visio

CVSS 6.1 MEDIUMEPSS 0.3%CWE-79
Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’ parameter of the ‘/PageLoginVisio.do’ endpoint.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Kelio · Kelio Visio 1Kelio · Kelio Visio X4Kelio · Kelio Visio X7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-kelio-visio