CVE-2025-14773

HIGH

Stored Cross-Site Scripting in ABB T-MAC Plus web application

Title source: cna

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

References (1)

Core 1

Core References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 8.0

EPSS 0.0018

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (2)

ABB/T-MAC Plus 4.0-24

abb/t-mac_plus 4.0-24

Published Jun 03, 2026

Tracked Since Jun 03, 2026