ThingsBoard up to 4.2.0 API Endpoint cross site scripting 🚫 [False Positive]

Noticeinfo

⚠️ It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

Productinfo

Type

• Forum Software

Name

• ThingsBoard

Version

• 4.0
• 4.1
• 4.2.0

License

• open-source

Website

• Product: https://github.com/thingsboard/thingsboard/

Timelineinfo

04/04/2025 CVE reserved
11/27/2025 +237 days Advisory disclosed
11/27/2025 +0 days VulDB entry created
12/16/2025 +19 days VulDB entry last update

Sourcesinfo

Product: github.com

Advisory: advisory.checkmarx.net
False Positive: Yes

CVE: CVE-2025-3261 (🔒)
GCVE (CVE): GCVE-0-2025-3261
GCVE (VulDB): GCVE-100-333714
EUVD: 🔒

Entryinfo

Created: 11/27/2025 20:20
Updated: 12/16/2025 12:44
Changes: 11/27/2025 20:20 (70), 11/27/2025 22:13 (1), 12/03/2025 15:38 (11), 12/16/2025 12:44 (3)
Complete: 🔍
Cache ID: 216::103

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion

Do you need the next level of professionalism?

Upgrade your account now!