CVE-2019-25270
SOCA Access Control System 180612 Reflected Cross-Site Scripting via logged_page.php
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a victim's browser session.
| CWE | CWE-79 |
| Vendor | soca technology co., ltd |
| Product | soca access control system |
| Published | Jan 7, 2026 |
| Last Updated | May 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for soca technology co., ltd soca access control system
Be the first to know when new medium vulnerabilities affecting soca technology co., ltd soca access control system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
SOCA Technology Co., Ltd / SOCA Access Control System
180612 170000 141007
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5518.php packetstormsecurity.com: https://packetstormsecurity.com/files/152837 cxsecurity.com: https://cxsecurity.com/issue/WLB-2019050151 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/160976 socatech.com: https://www.socatech.com/
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab