Reflected Cross-site Scripting Vulnerability in ISOinsight by NetVision Information
CVE-2025-15355

5.1MEDIUM

Key Information:

Vendor: Netvision Information
Status: Isoinsight
Vendor: CVE Published:; 30 December 2025

🔔 Create Netvision Information Vulnerability Alert

What is CVE-2025-15355?

ISOinsight, developed by NetVision Information, is vulnerable to a reflected cross-site scripting issue, which allows unauthenticated attackers to inject arbitrary JavaScript code into a victim's browser. This vulnerability poses significant risks as it can be exploited through phishing attacks, enabling attackers to perform malicious actions without the user's consent.

Affected Version(s)

ISOinsight 2.9.0.* < 2.9.0.250911

ISOinsight 3.0.0.* < 3.0.0.251127

References

https://www.twcert.org.tw/tw/cp-132-10609-0221b-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10610-b98b4-2.html

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 30, 2025

CVE-2025-15355 Data

JSON