Cross-site scripting in NEC Corporation products - CVE-2026-6059
Published: May 26, 2026
Vulnerability identifier: #VU132309
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-6059
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: NEC Corporation
Affected software:
Aterm 19000T12BE
Aterm WX3000HP2
Aterm WX4200D5
Aterm WX11000T12
Aterm WX7800T8
Aterm WX5400HP
Aterm WX1800HP
Aterm GX621A1
Aterm SH621A1
Aterm 19000T12BE
Aterm WX3000HP2
Aterm WX4200D5
Aterm WX11000T12
Aterm WX7800T8
Aterm WX5400HP
Aterm WX1800HP
Aterm GX621A1
Aterm SH621A1
Detailed vulnerability description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
How to mitigate CVE-2026-6059
Install updates from vendor's website.