Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Dec 9, 2025
Reflected XSS vulnerability in dyn_conn.php
CVE-2025-41695
Description
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
Affected products (69)
- Phoenix Contact/FL NAT 2008 · v5 · Range: 0.0.0
- Phoenix Contact/FL NAT 2208 · v5 · Range: 0.0.0
- Phoenix Contact/FL NAT 2304-2GC-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2005 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2008 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2008F · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2016 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2105 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2108 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2116 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2204-2TC-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2205 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2FX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2FX SM · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2FX SM ST · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2FX ST · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206-2SFX PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2206C-2FX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2207-FX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2207-FX SM · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2208 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2208C · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2208 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2212-2TC-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2214-2FX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2214-2FX SM · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2214-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2214-2SFX PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2216 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2216 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2303-8SP1 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2304-2GC-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2306-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2306-2SFP PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2308 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2308 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2312-2GC-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2314-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2314-2SFP PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2316 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2316/K1 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2316 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2404-2TC-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2406-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2406-2SFX PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2408 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2408 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2412-2TC-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2414-2SFX · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2414-2SFX PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2416 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2416 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2504-2GC-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2506-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2506-2SFP/K1 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2506-2SFP PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2508 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2508/K1 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2508 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2512-2GC-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2514-2SFP · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2514-2SFP PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2516 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2516 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2608 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2608 PN · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2708 · v5 · Range: 0.0.0
- Phoenix Contact/FL SWITCH 2708 PN · v5 · Range: 0.0.0
Patches (0)
No patches discovered yet.