Reflected Cross-Site Scripting Vulnerability in Kelio Visio Software
CVE-2025-1175

6.1MEDIUM

Key Information:

Vendor: Kelio
Status: Kelio Visio 1; Kelio Visio X7; Kelio Visio X4
Vendor: CVE Published:; 10 February 2025

What is CVE-2025-1175?

The Kelio Visio software versions 3.2C to 5.1K are susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This issue allows attackers to potentially execute crafted JavaScript payloads by manipulating the 'username' parameter within a POST request to the '/PageLoginVisio.do' endpoint. Exploitation of this vulnerability could result in unauthorized actions executed in the context of an authenticated user, compromising personal data and application security.

Affected Version(s)

Kelio Visio 1 3.2C <= 5.1K

Kelio Visio X4 3.2C <= 5.1K

Kelio Visio X7 3.2C <= 5.1K

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 10, 2025

Credit

Ismael Pacheco Torrecilla