CVE ID : CVE-2025-6563
Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago
Description : A cross-site scripting vulnerability is present in the hotspot of MikroTik’s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker’s account) and triggers the payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More
