{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-5127","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-23T18:09:27.021Z","datePublished":"2025-05-24T15:31:04.412Z","dateUpdated":"2025-10-15T13:18:44.998Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-10-15T13:18:44.998Z"},"title":"Teledyne FLIR AX8 prod.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"Teledyne FLIR","product":"AX8","versions":[{"version":"1.46.0","status":"affected"},{"version":"1.46.1","status":"affected"},{"version":"1.46.2","status":"affected"},{"version":"1.46.3","status":"affected"},{"version":"1.46.4","status":"affected"},{"version":"1.46.5","status":"affected"},{"version":"1.46.6","status":"affected"},{"version":"1.46.7","status":"affected"},{"version":"1.46.8","status":"affected"},{"version":"1.46.9","status":"affected"},{"version":"1.46.10","status":"affected"},{"version":"1.46.11","status":"affected"},{"version":"1.46.12","status":"affected"},{"version":"1.46.13","status":"affected"},{"version":"1.46.14","status":"affected"},{"version":"1.46.15","status":"affected"},{"version":"1.46.16","status":"affected"},{"version":"1.49.16","status":"unaffected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of addressing this issue. It is recommended to upgrade the affected component. The vendor points out: \"FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.\""},{"lang":"de","value":"Es wurde eine Schwachstelle in Teledyne FLIR AX8 up to 1.46.16 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /prod.php. Durch das Manipulieren des Arguments cmd mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Mit einem Upgrade auf Version 1.49.16 lässt sich dieses Problem beheben. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C"}}],"timeline":[{"time":"2025-05-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-23T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-10-15T15:23:25.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"XU17 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.310205","name":"VDB-310205 | Teledyne FLIR AX8 prod.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.310205","name":"VDB-310205 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.572265","name":"Submit #572265 | FLIR AX8 <= 1.46 XSS","tags":["third-party-advisory"]},{"url":"https://github.com/YZS17/CVE/blob/main/XSS%20vulnerability%20in%20FLIR%20AX8.md","tags":["broken-link","exploit"]}]},"adp":[{"references":[{"url":"https://github.com/YZS17/CVE/blob/main/XSS%20vulnerability%20in%20FLIR%20AX8.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-27T14:23:24.595849Z","id":"CVE-2025-5127","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-28T17:40:21.667Z"}}]}}