CVE-2025-2865
28.03.2025, 14:15
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.
| Vendor | Product | Version |
|---|---|---|
| arteche | satech_bcu_firmware | 2.1.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-942 - Permissive Cross-domain Policy with Untrusted DomainsThe software uses a cross-domain policy file that includes domains that should not be trusted.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.