Cross Site Scripting Vulnerability in AllStarLink Supermon by AllStarLink
CVE-2025-11278

5.3MEDIUM

Key Information:

Vendor

Allstarlink

Status
Supermon
Vendor
CVE Published:
5 October 2025

What is CVE-2025-11278?

A vulnerability has been identified in the AllStarLink Supermon application that affects versions up to 6.2. This security flaw resides within the AllMon2 component, enabling attackers to perform cross site scripting (XSS) attacks remotely. If exploited, this vulnerability can allow unauthorized script execution in the context of a user's web browser, potentially compromising sensitive information or user sessions. The vendor has been contacted regarding this issue, but no response has been received. Additionally, this vulnerability impacts products that are no longer actively maintained.

Affected Version(s)

Supermon 6.0

Supermon 6.1

Supermon 6.2

References

https://vuldb.com/?id.327012
vdb-entry
https://vuldb.com/?ctiid.327012
signaturepermissions-required
https://vuldb.com/?submit.659016
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

c4ng4c3ir0 (VulDB User)
JSON
.
CVE-2025-11278 : Cross Site Scripting Vulnerability in AllStarLink Supermon by AllStarLink