CVE-2025-11851

LOW

Apeman ID71 EN75.8.53.20 - Cross-Site Scripting via /set_alias.cgi Alias Parameter

Title source: llm
STIX 2.1

Description

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.328797
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.328797
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.668771

Scores

CVSS v3 3.5
EPSS 0.0031
EPSS Percentile 22.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
Apeman/ID71 EN75.8.53.20
Published Oct 16, 2025
Tracked Since Feb 18, 2026