CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

June 3, 2025

CVE ID : CVE-2025-5505

Published : June 3, 2025, 3:16 p.m. | 17 minutes ago

Description : A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5504 – TOTOLINK X2000R Command Injection Vulnerability

Next Article CVE-2025-5503 – TOTOLINK X15 Stack-Based Buffer Overflow Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

Critical Fortinet flaws now exploited in Qilin ransomware attacks

Night of the Dancing Zombies

New Xbox games launching this week, from April 28 through May 4 — Towerborne arrives in Xbox Game Pass

Path: A Machine Learning Method for Training Small-Scale (Under 100M Parameter) Neural Information Retrieval Models with as few as 10 Gold Relevance Labels

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security

Kit â€“ lightweight, modular framework for scalable web development

Team Cherry offers an update on ‘Hollow Knight: Silksong,’ insisting the gameisstillcoming

CVE-2025-4516 – CPython Bytes Decode Unicode Escape Vulnerability

CVE-2025-5382 – Devolutions Server Access Control Bypass

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

Related Posts