1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: Cross-site Scripting, SQL Injection, Path Traversal, Argument Injection.
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Advantech products are affected:
- iView: Versions prior to 5.7.05 build 7057
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CWE-79
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user’s browser, potentially leading to information disclosure or other malicious activities.
CVE-2025-53397 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
A CVSS v4 score has also been calculated for CVE-2025-53397. A base score of 5.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N).