QSearchQSearch

CVE-2025-67448

7.1 HIGH

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS

Published: 2026-06-04 · Last updated: 2026-06-04

Severity and scoring

CVSS
7.1 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CWE
CWE-79

Description

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-9125 The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_ov... (6.4 MEDIUM)
  • CVE-2026-42653 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS (7.1 HIGH)
  • CVE-2026-46489 SolidInvoice is an open-source invoicing platform (8.1 HIGH)
  • CVE-2026-8589 GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0... (7.3 HIGH)
  • CVE-2026-10087 GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2... (8.7 HIGH)