CVE-2025-7746 XSS Vulnerability in Unknown Web App
CVE-2025-7746 Published on September 9, 2025

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victims browser.

NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2025-7746 has been classified to as a XSS vulnerability or weakness.


Affected Versions

Schneider Electric ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives: Schneider Electric ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives: Schneider Electric ILC992 InterLink Converter: Schneider Electric ATV340E Altivar Machine Drives: Schneider Electric ATV6000 Medium Voltage Altivar Process Drives: Schneider Electric ATS490 Altivar Soft Starter: Schneider Electric VW3A3720 & VW3A3721 Altivar Process Communication Modules: Schneider Electric VW3A3530D: ATVdPAC module:

Exploit Probability

EPSS
0.06%
Percentile
16.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.