Unrated severityNVD Advisory· Published Oct 6, 2025· Updated Oct 6, 2025
Cross Site Scripting: Session Hijacking
CVE-2025-9913
Description
JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
Affected products
1- Range: all versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdfmitrevendor-advisory
- sick.com/psirtmitrex_SICK PSIRT Security Advisories
- www.cisa.gov/resources-tools/resources/ics-recommended-practicesmitrex_ICS-CERT recommended practices on Industrial Security
- www.first.org/cvss/calculator/3.1mitrex_CVSS v3.1 Calculator
- www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.jsonmitrex_The canonical URL.
- www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdfmitrex_SICK Operating Guidelines
News mentions
0No linked articles in our index yet.