This is a public record and/or proof of concept for CVE-2025-57444, a vulnerability affecting Radware's AlteonOS Web UI Management - 33.0.4.50. It includes:
The vulnerability is a classic case of missing input validation leading to XSS, and it affects the Description parameter of the AppShape++ Script. For more information on XSS and its implications, I suggest some other links for reference, such as (this article does not examine effects such as cookie theft in depth, because those also depend on the website's configuration; in general, XSS behaves similarly):
To reproduce this vulnerability, you need access to an account with AppShape++ Script privileges such as create and/or edit. We use a basic payload:
<img src="#" onclick=alert(0) >
The following are the simple steps to reproduce the vulnerability.
Insert the payload into the AppShape++ Script Description parameter.
Trigger the XSS payload.
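For defenders, the following added example (not part of the original advisory and not Radware's code) shows the two controls this class of bug calls for: encoding the description on output, and auditing already-stored descriptions for markup. The function names, the record layout and the sample records are assumptions made for illustration; only the second sample description is the payload quoted above.

```javascript
'use strict';
// Added example: hypothetical helpers, not AlteonOS code.

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts, so stored text is rendered as text.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical rendering step: the description is only ever placed in
// the page after encoding.
function renderDescriptionCell(description) {
  return `<td class="description">${escapeHtml(description)}</td>`;
}

// Audit check for already-stored descriptions: returns the reasons a
// value looks like markup rather than plain text (empty array if none).
function auditDescription(value) {
  const text = String(value);
  const reasons = [];
  if (/<\s*\/?\s*[a-z][^>]*>/i.test(text)) reasons.push('html-tag');
  if (/\bon[a-z]+\s*=/i.test(text)) reasons.push('event-handler-attribute');
  if (/javascript\s*:/i.test(text)) reasons.push('javascript-uri');
  return reasons;
}

// Constructed sample records; names and descriptions are made up, except
// the 'poc' description, which is the payload quoted on this page.
const SAMPLE_SCRIPTS = [
  { name: 'redirect-http', description: 'Redirect HTTP to HTTPS (ticket 1234)' },
  { name: 'poc', description: '<img src="#" onclick=alert(0) >' },
  { name: 'rate-note', description: 'Drop if rate > 100 & burst < 5' },
];

// Return only the records whose description was flagged by the audit.
function auditScripts(scripts) {
  return scripts
    .map((s) => ({ name: s.name, reasons: auditDescription(s.description) }))
    .filter((r) => r.reasons.length > 0);
}

console.log(auditScripts(SAMPLE_SCRIPTS));
console.log(renderDescriptionCell(SAMPLE_SCRIPTS[1].description));
```

The audit is a triage aid for existing data, not a filter to rely on; output encoding is what keeps a stored description from being interpreted as markup.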