AI description
CVE-2025-0643 describes an Improper Neutralization of Input During Web Page Generation, commonly known as a Cross-site Scripting (XSS) vulnerability. This flaw specifically affects Pyxis Signage software developed by Narkom Communication and Software Technologies Trade Ltd. Co.. The vulnerability allows for Stored XSS, meaning that malicious scripts can be permanently stored on the target server and are then delivered to other users without their knowledge or consent when they access the affected web page. This issue impacts versions of Pyxis Signage up to and including 31012025.
- Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Stored XSS. This issue affects Pyxis Signage: through 31012025.
- Source
- iletisim@usom.gov.tr
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- iletisim@usom.gov.tr
- CWE-79
- Hype score
- Not currently trending
⚠️⚠️ CVE-2025-0643: An integer overflow in Apache ActiveMQ's MQTT module allows authenticated attackers to trigger a Denial of Service (DoS) via malicious packets. 🔗FOFA Link: https://t.co/pScVISvXVQ 🎯3.2m+ Results are found on the https://t.co/pb16tGYaKe nearly yea
@fofabot
6 Mar 2026
1226 Impressions
3 Retweets
11 Likes
3 Bookmarks
1 Reply
0 Quotes
CVE-2025-0643 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. C… https://t.co/uy9mK1QVHg
@CVEnew
20 Nov 2025
293 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes