CVE-2025-13589
Description
FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FMS by Otsuka Information Technology has a reflected XSS vulnerability allowing unauthenticated attackers to execute arbitrary JavaScript via phishing.
Vulnerability Analysis
FMS, developed by Otsuka Information Technology, contains a reflected Cross-site Scripting (XSS) vulnerability [1][2]. The flaw arises from improper sanitization of user input in the application, enabling attackers to inject arbitrary JavaScript code into web pages [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious link and tricking a user into clicking it (phishing) [1][2]. No authentication is required, and the attack is conducted over the network with low complexity [2]. User interaction is required, as the victim must click the crafted URL [2].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the context of the vulnerable application [1]. This can lead to session hijacking, data theft, or other malicious actions as the attacker can manipulate the web page content and steal sensitive information [1][2].
Mitigation
The vulnerability affects FMS version 20251014.10r45111 and earlier [2]. Users are advised to update to version 20251020.18r45177 or later, which contains the fix [2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.