CVE-2025-3261 | ThingsBoard up to 4.2.0 API Endpoint cross site scripting

A vulnerability identified as problematic has been detected in ThingsBoard up to 4.2.0. The affected element is an unknown function of the component API Endpoint. The manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2025-3261. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More