Security Advisory

CVE-2025-49191

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-12 14:08:02

Last updated 2025-06-12 14:12:22

Assigner SICK AG

State PUBLISHED

Description

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

← Browse all CVEs View on cve.org ↗