Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:NExplorance Blue
APPExplorance8.1.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2025-57792CRITICAL10.0PL ✓ten sam produkt
SQL Injection bez uwierzytelnienia w Explorance Blue (CVE-2025-57792)
CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt
RCE przez unrestricted file upload w Explorance Blue (panel admina)
CVE-2025-57795CRITICAL9.9PL ✓ten sam produkt
RCE przez podatny upload plików w Explorance Blue (CVE-2025-57795)
CVE-2025-57793HIGH8.6ten sam produkt
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validati...
CVE-2025-57796MEDIUM6.8ten sam produkt
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to p...