Security Advisory

CVE-2025-66574

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-04 20:45:44

Last updated 2026-04-07 14:09:51

Assigner VulnCheck

State PUBLISHED

Description

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

← Browse all CVEs View on cve.org ↗