CVE-2025-13902

Vulnerability Description

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

Vulnerability Details

Published Date

March 10, 2026

Last Modified

March 11, 2026

CWE ID

CWE-79

Source

NVD

Vendor

Schneider Electric

Product

Modicon Controllers M241/M251, Modicon Controllers M258/LMC058

External References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment