CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25200

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://security.samsungtv.com/securityUpdates

Products affected by CVE-2026-25200

Samsung » Magicinfo 9 Server » Version: N/A

cpe:2.3:a:samsung:magicinfo_9_server:-
Samsung » Magicinfo 9 Server » Version: 21.1000.3

cpe:2.3:a:samsung:magicinfo_9_server:21.1000.3
Samsung » Magicinfo 9 Server » Version: 21.1010.2

cpe:2.3:a:samsung:magicinfo_9_server:21.1010.2
Samsung » Magicinfo 9 Server » Version: 21.1020.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1020.0
Samsung » Magicinfo 9 Server » Version: 21.1030.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1030.0
Samsung » Magicinfo 9 Server » Version: 21.1040.2

cpe:2.3:a:samsung:magicinfo_9_server:21.1040.2
Samsung » Magicinfo 9 Server » Version: 21.1040.3

cpe:2.3:a:samsung:magicinfo_9_server:21.1040.3
Samsung » Magicinfo 9 Server » Version: 21.1050.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1050.0
Samsung » Magicinfo 9 Server » Version: 21.1052.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1052.0
Samsung » Magicinfo 9 Server » Version: 21.1060.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1060.0
Samsung » Magicinfo 9 Server » Version: 21.1070.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1070.0
Samsung » Magicinfo 9 Server » Version: 21.1080.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1080.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25200

Products

Pricing

Contact Us