  • Cybersecurity Vulnerabilities

    Critical XSS Vulnerability Patched in Advantech WISE-DeviceOn Server (CVE-2025-34260)

    Overview: A stored cross-site scripting (XSS) vulnerability, identified as CVE-2025-34260, has been discovered in Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability allows an attacker to inject malicious script into the schedule name of an existing task. When other users view or interact with the affected schedule, the injected script executes within their browser context, potentially leading to session compromise and unauthorized actions. Technical Details: The vulnerability resides in the /rmm/v1/action/schedule endpoint. An authenticated user can add a schedule to an existing task through this endpoint. The schedule name provided by the user is stored in the system’s database…

  • Cybersecurity Vulnerabilities

    Critical XSS Vulnerability Discovered in Advantech WISE-DeviceOn Server (CVE-2025-34259)

    Overview: A significant security vulnerability, identified as CVE-2025-34259, has been discovered in Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability is a stored cross-site scripting (XSS) flaw located within the /rmm/v1/devicemap/building endpoint. This allows attackers to inject malicious scripts into the application, potentially compromising user sessions and enabling unauthorized actions. Technical Details: The vulnerability exists because the name parameter, used when creating a map entry via the /rmm/v1/devicemap/building endpoint, is not properly sanitized before being stored and rendered in the map list UI. An authenticated user with malicious intent can inject arbitrary HTML and JavaScript code into the name…

  • Cybersecurity Vulnerabilities

    CVE-2025-34258: Critical Stored XSS Flaw in Advantech WISE-DeviceOn Server

    Overview: CVE-2025-34258 describes a stored cross-site scripting (XSS) vulnerability found in Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability allows an authenticated attacker to inject malicious JavaScript code into the application, which can then be executed in the browser of other users, potentially leading to session hijacking, data theft, and other malicious activities. This poses a significant risk to organizations using the affected software. Technical Details: The vulnerability exists in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored without proper HTML sanitization. This allows an attacker to insert…

  • Cybersecurity Vulnerabilities

    CVE-2025-34257: Critical Stored XSS Vulnerability in Advantech WISE-DeviceOn Server

    Overview: CVE-2025-34257 describes a stored cross-site scripting (XSS) vulnerability affecting Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability exists within the /rmm/v1/action/defined endpoint. An authenticated attacker can inject malicious JavaScript code into the defined_name field when creating a task. This code is then stored by the server and executed in the browser of other users who view the task’s Overview page, leading to potential session hijacking and unauthorized actions. Technical Details: The vulnerability stems from a lack of proper HTML sanitization of the defined_name value. When an authenticated user creates a new task within the WISE-DeviceOn Server, the provided…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Advantech WISE-DeviceOn Server (CVE-2025-34256): Hardcoded Key Allows Full System Compromise

    Overview: CVE-2025-34256 describes a critical vulnerability affecting Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability stems from the use of a hard-coded cryptographic key, specifically a static HS512 HMAC secret, used for signing EIRMMToken JWTs (JSON Web Tokens) across all installations. This allows a remote, unauthenticated attacker to forge JWTs, impersonate any DeviceOn account, including the root super admin, and gain complete control over the DeviceOn instance. Technical Details: The core issue is the usage of a static, pre-defined HMAC secret for signing JWTs. This violates fundamental security principles. Because the secret is the same for all installations, an…

  • Cybersecurity Vulnerabilities

    CVE-2020-36882: DiskBoss 7.7.14 – Unauthenticated File Upload Leads to Denial of Service!

    Overview: CVE-2020-36882 describes a security vulnerability found in Flexsense DiskBoss version 7.7.14. This flaw allows unauthenticated attackers to upload arbitrary files to the system via the /Command/Search Files/Directory field. Successfully exploiting this vulnerability results in a denial of service (DoS) by crashing the DiskBoss application. Technical Details: The vulnerability stems from insufficient input validation in the /Command/Search Files/Directory field. An attacker can send a crafted request to this endpoint, containing a malicious payload disguised as a directory or filename. Because the software doesn’t properly sanitize or validate the uploaded file, it attempts to process the malicious content, leading to an…

  • Cybersecurity Vulnerabilities

    CVE-2020-36881: Critical Buffer Overflow in Flexsense DiskBoss 7.7.14

    Overview: CVE-2020-36881 describes a local buffer overflow vulnerability found in Flexsense DiskBoss version 7.7.14. This vulnerability resides in the ‘Input Directory’ component and allows an unauthenticated attacker to potentially execute arbitrary code on the affected system. The exploit is triggered by pasting a specially crafted directory path into the ‘Add Input Directory’ field. Technical Details: The vulnerability is a classic buffer overflow. When a user attempts to add a new input directory using the ‘Add Input Directory’ field, the application fails to properly validate the length of the provided path. By providing a string exceeding the buffer’s allocated size, an…

  • Cybersecurity Vulnerabilities

    Critical Buffer Overflow Found in Flexsense DiskBoss: CVE-2020-36880

    Overview: CVE-2020-36880 describes a local buffer overflow vulnerability present in Flexsense DiskBoss version 7.7.14. This vulnerability resides within the ‘Reports and Data Directory’ field of the application, potentially allowing a local attacker to execute arbitrary code on the affected system. Technical Details: The vulnerability stems from insufficient input validation when handling user-supplied data for the ‘Reports and Data Directory’ field. By providing an overly long string to this field, an attacker can overwrite adjacent memory regions, leading to a buffer overflow condition. Successful exploitation could grant the attacker the ability to inject and execute malicious code with the privileges of…

  • Cybersecurity Vulnerabilities

    Flexsense DiskBoss Under Attack: Unquoted Service Path Lets Attackers Run Code As Admin (CVE-2020-36879)

    Overview: This article details a critical security vulnerability, identified as CVE-2020-36879, affecting Flexsense DiskBoss version 11.7.28. This vulnerability allows unauthenticated attackers to elevate their privileges and execute arbitrary code with system-level privileges during startup or reboot. The root cause is an unquoted service path, which enables attackers to inject malicious commands. Technical Details: The vulnerability lies in how DiskBoss’s services are configured. Specifically, the path to the service executable is not enclosed in quotes. This allows an attacker to insert malicious executables into directories along the service path. When the operating system attempts to start the service, it may inadvertently…

  • Cybersecurity Vulnerabilities

    CVE-2020-36878: Critical File Disclosure Vulnerability Found in ReQuest Serious Play Media Player

    Overview: CVE-2020-36878 details a critical unauthenticated file disclosure vulnerability affecting ReQuest Serious Play Media Player version 3.0. This flaw allows remote attackers to access sensitive files on the server due to improper validation of input passed through the ‘file’ parameter within a script. By manipulating this parameter, attackers can potentially read arbitrary web log files and other sensitive local resources. Technical Details: The vulnerability stems from a lack of proper sanitization of the ‘file’ parameter within a specific script of the ReQuest Serious Play Media Player. When a request containing a crafted ‘file’ parameter is sent to the server, the…