Cross-Site Scripting Vulnerability in Reolink by Reolink

CVE-2025-55620

What is CVE-2025-55620?

A vulnerability exists in the valuateJavascript() function of Reolink software, allowing attackers to inject arbitrary web scripts or HTML through crafted payloads. This XSS flaw can be exploited to manipulate user data or hijack user sessions, creating significant security risks for affected installations.

References