CVE-2025-60737

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php component

iSee857/ilevia-EVE-X1-Server-CSRF
iSee857/ilevia-EVE-X1-Server-CSRF
ilevia EVE X1 Server /bh_web_backend.The presence of DOM-based XSS combined with CSRF can access internal system data and execute JavaScript code.
GitHubGitHub