VYPR
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Dec 9, 2025

Reflected XSS vulnerability in pxc_PortCfg.php

CVE-2025-41750

Description

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

69
  • Phoenixcontact/FL NAT 2208cpe-rescue2 versions
    0.0.0+ 1 more
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
  • 0.0.0+ 1 more
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
  • Phoenixcontact/FL SWITCHcpe-rescue34 versions
    0.0.0+ 33 more
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
    • (no CPE)range: 0.0.0
  • Phoenix Contact/FL SWITCH 2204-2TC-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206-2FX SMv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206-2FX SM STv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206-2FX STv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206-2SFX PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2206C-2FXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2207-FX SMv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2212-2TC-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2214-2FX SMv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2214-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2214-2SFX PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2303-8SP1v5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2306-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2306-2SFP PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2312-2GC-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2314-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2314-2SFP PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2404-2TC-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2406-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2406-2SFX PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2412-2TC-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2414-2SFXv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2414-2SFX PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2504-2GC-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2506-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2506-2SFP/K1v5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2506-2SFP PNv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2512-2GC-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2514-2SFPv5
    Range: 0.0.0
  • Phoenix Contact/FL SWITCH 2514-2SFP PNv5
    Range: 0.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.