{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T16:22:38.156","vulnerabilities":[{"cve":{"id":"CVE-2025-49185","sourceIdentifier":"psirt@sick.de","published":"2025-06-12T14:15:30.863","lastModified":"2026-01-29T17:33:37.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source."},{"lang":"es","value":"La aplicación web es susceptible a ataques de cross-site-scripting. Un atacante que cree nuevos widgets de panel puede inyectar código JavaScript malicioso en la función de transformación, que se ejecutará cuando el widget reciba datos de su fuente de datos."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sick:field_analytics:*:*:*:*:*:*:*:*","matchCriteriaId":"62EE84A7-E93D-411E-A6FC-4BEE5F4CD16D"}]}]}],"references":[{"url":"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF","source":"psirt@sick.de","tags":["Broken Link"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices","source":"psirt@sick.de","tags":["US Government Resource"]},{"url":"https://www.first.org/cvss/calculator/3.1","source":"psirt@sick.de","tags":["Not Applicable"]},{"url":"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]}]}}]}