CVE-2025-0424
Published: Feb 18, 2025
Modified: Feb 18, 2025
Description
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their session using an "Authenticated Stored Cross-Site Scripting". Those other users might have more privileges than the attacker, enabling a form of horizontal movement.
| Vendor | Product | Versions |
|---|---|---|
Cordaware | bestinformed Web | affected 0 - < 6.2.2.5unaffected 6.2.2.5 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now