{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25200", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2026-01-30T06:07:11.090Z", "datePublished": "2026-02-02T04:49:13.086Z", "dateUpdated": "2026-02-26T15:04:40.615Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MagicINFO 9 Server", "vendor": "Samsung Electronics", "versions": [{"status": "affected", "version": "21.1090.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover</span>\n\n<br><p>This issue affects MagicINFO 9 Server: less than 21.1090.1.</p>"}], "value": "A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-02-02T04:49:13.086Z"}, "references": [{"url": "https://security.samsungtv.com/securityUpdates"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25200", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T04:55:46.300163Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:40.615Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25200", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-02T17:54:29.921969Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T17:54:35.496Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Electronics", "product": "MagicINFO 9 Server", "versions": [{"status": "affected", "version": "21.1090.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.samsungtv.com/securityUpdates"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1090.1.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover</span>\n\n<br><p>This issue affects MagicINFO 9 Server: less than 21.1090.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-02-02T04:49:13.086Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25200", "state": "PUBLISHED", "dateUpdated": "2026-02-03T04:55:45.720Z", "dateReserved": "2026-01-30T06:07:11.090Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2026-02-02T04:49:13.086Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "72138C44-D3F0-4373-967F-831861E19195", "versionEndExcluding": "21.1090.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."}, {"lang": "es", "value": "Una vulnerabilidad en MagicInfo9 Server permite a usuarios autorizados subir archivos HTML sin autenticaci\u00f3n, lo que lleva a XSS Almacenado, que puede resultar en la toma de control de la cuenta.\n\nEste problema afecta a MagicINFO 9 Server: versiones anteriores a 21.1090.1."}], "id": "CVE-2026-25200", "lastModified": "2026-03-10T18:43:02.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2026-02-02T05:16:05.770", "references": [{"source": "PSIRT@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungtv.com/securityUpdates"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:46:00.988999+00:00", "value": {"mitigation_remediation": ["Deploy the latest version of Samsung MagicINFO 9 Server (21.1090.1 or later) that includes the file\u2011type validation fix.", "If an upgrade cannot be performed immediately, disable or remove the web upload feature and enforce manual page creation.", "Implement server\u2011side content\u2011type validation to reject non\u2011HTML files and sanitize any stored HTML to remove executable scripts.", "Enforce the principle of least privilege on user accounts that can access the upload functionality, limiting them to roles that do not require editing of public pages.", "Monitor web logs for abnormal file\u2011upload activity and block suspicious IP addresses."], "summary": {"action": "Immediate Patch", "impact": "Stored XSS leading to account takeover"}, "threat_synthesis": {"affected_systems": "Affected systems are Samsung Electronics MagicINFO 9 Server versions prior to 21.1090.1. The issue is specific to the file\u2011upload component of the server software.", "description_and_impact": "The vulnerability allows attackers to upload arbitrary HTML files to MagicINFO 9 Server. Because the server fails to validate the file type, the uploaded content is stored and later rendered in the web interface, enabling stored cross\u2011site scripting under CWE\u2011434. A malicious script can then be executed in the browser context of any authenticated user, providing a path to hijack accounts and compromise data integrity.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, and while the EPSS score is below 1\u202f%, the exploit potential remains significant in targeted environments where the application is publicly exposed. The attack requires a valid user session to upload files, but no additional authentication or privileges are enforced, making it feasible for authenticated or compromised accounts to execute malicious scripts."}}}}, "created": "2026-02-02T09:26:14.532051+00:00", "title": "Stored XSS via Unrestricted HTML Upload in Samsung MagicINFO 9 Server", "updated": "2026-04-18T01:00:11.615964+00:00", "vendors": ["samsung_electronics", "samsung_electronics$PRODUCT$magicinfo_9_server"]}