Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52378

Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS parameter to the /web/um_device_set_aliasname endpoint.

Published

2025-07-15T15:15:25.110

Last Modified

2025-07-15T20:07:28.023

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

References

https://github.com/Vagebondcur/nexxt-solutions-NCM-X1800-exploits ([email protected])
https://github.com/Vagebondcur/nexxt-solutions-NCM-X1800-exploits/blob/main/CVE-2025-52378/writeup.md ([email protected])