Stored Cross-Site Scripting Vulnerability in D-Link Nuclias Connect
CVE-2025-34253
5.1MEDIUM
What is CVE-2025-34253?
D-Link Nuclias Connect firmware versions up to 1.3.1.4 are susceptible to a stored cross-site scripting (XSS) vulnerability. This vulnerability arises from inadequate sanitization of the 'Network' field during configuration editing and profile creation. An authenticated attacker can exploit this flaw to inject arbitrary JavaScript, which executes in the browser context of other users who view the compromised profile entry. D-Link is actively working on a solution to address this issue.
Affected Version(s)
Nuclias Connect 0 < 1.3.1.4
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Alex Williams from Pellera Technologies